
Run-Llama Llama Index vulnerabilities

24 known vulnerabilities affecting run-llama/run-llama_llama_index.

Total CVEs: 24
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 12, MEDIUM 6

Vulnerabilities

Page 1 of 2
CVE-2024-3271 | P2 | CRITICAL | CVSS 9.8 | Affected: ≥ unspecified, < 10.26 | 2024-04-16
CWE-77: A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by crafting input that does not contain an underscore but
Source: nvd
CVE-2024-12909 | P2 | CRITICAL | CVSS 9.8 | Affected: ≥ unspecified, < 0.3.0 | 2025-03-20
CWE-89: A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `database_agent`. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code execution (RCE) through the use of PostgreSQL's large
Source: nvd
CVE-2024-11958 | P2 | CRITICAL | CVSS 9.8 | Affected: ≥ unspecified, < 0.4.0 | 2025-03-20
CWE-89: A SQL injection vulnerability exists in the `duckdb_retriever` component of the run-llama/llama_index repository, specifically in the latest version. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an attacker to inject arbitrary SQL code. This can lead to remote code execution (RCE) by inst
Source: nvd
CVE-2025-1750 | P2 | CRITICAL | CVSS 9.8 | Affected: ≥ unspecified, < 0.3.1 | 2025-06-02
CWE-89: An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE).
Source: nvd
CVE-2025-1793 | P3 | CRITICAL | CVSS 9.8 | Affected: ≥ unspecified, < 0.12.28 | 2025-06-05
CWE-89: Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.
Source: nvd
CVE-2024-4181 | P3 | HIGH | CVSS 8.8 | Affected: ≥ unspecified, < 0.10.13 | 2024-05-16
CWE-94: A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on th
Source: nvd
CVE-2023-39662 | P3 | CRITICAL | CVSS 9.8 | Affected: ≥ unspecified, < 0.10.24 | 2023-08-15
CWE-74: An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function.
Source: nvd
CVE-2025-6209 | P3 | HIGH | CVSS 7.5 | Affected: ≥ unspecified, < 0.12.41 | 2025-07-07
CWE-29: A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the server, including sensitive system files. The issue arises due to improper validat
Source: nvd
CVE-2025-3108 | P3 | HIGH | CVSS 7.5 | Affected: ≥ unspecified, < v0.12.41 | 2025-07-06
CWE-1112: A critical deserialization vulnerability exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritizes deserialization using pickle.loads(), which can execu
Source: nvd
CVE-2025-3046 | P3 | HIGH | CVSS 7.5 | Affected: ≥ unspecified, < 0.12.28 | 2025-07-07
CWE-22: A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to pla
Source: nvd
CVE-2025-1753 | P3 | HIGH | CVSS 7.8 | Affected: ≥ unspecified, < 0.4.1 | 2025-05-28
CWE-78: LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. The vulnerability arises from the improper handling of the `--files` argument, which is directly passed into `os.system`. An attacker who controls the content of this argument can inject and execute arbitrary shell commands. This vulnerability can be exploited locally if the
Source: nvd
CVE-2025-5302 | P3 | HIGH | CVSS 8.6 | Affected: ≥ unspecified, < 0.12.38 | 2025-08-25
CWE-674: A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth limit. This results in high resource consumption and pote
Source: nvd
CVE-2024-12704 | P3 | HIGH | CVSS 7.5 | Affected: ≥ unspecified, < 0.12.6 | 2025-03-20
CWE-835: A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler class. If the thread terminates abnormally before th
Source: nvd
CVE-2025-7647 | P3 | HIGH | CVSS 7.3 | Affected: ≥ unspecified, < v0.13.0 | 2025-09-27
CWE-378: The llama-index-core package, up to version 0.12.44, contains a vulnerability in the `get_cache_dir()` function where a predictable, hardcoded directory path `/tmp/llama_index` is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal proprietary models, poison cached embeddings, or con
Source: nvd
CVE-2025-1752 | P3 | HIGH | CVSS 7.5 | Affected: ≥ unspecified, < 0.3.6 | 2025-05-10
CWE-674: A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the max_depth parameter in the get_article_urls function. This
Source: nvd
CVE-2025-3225 | P3 | HIGH | CVSS 7.5 | Affected: ≥ unspecified, < v0.12.29 | 2025-07-07
CWE-776: An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS) by exhausting system memory and potentially causing a
Source: nvd
CVE-2025-7707 | P3 | HIGH | CVSS 7.8 | Affected: ≥ unspecified, < v0.13.0 | 2025-10-13
CWE-377: The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, data tampering, or privilege escalation. The vulnerability a
Source: nvd
CVE-2024-12911 | P3 | HIGH | CVSS 7.1 | Affected: ≥ unspecified, < 0.5.1 | 2025-03-20
CWE-89: A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the latest version and is fixed in version 0.5.1.
Source: nvd
CVE-2025-6211 | P4 | MEDIUM | CVSS 6.5 | Affected: ≥ unspecified, < 0.3.1 | 2025-07-10
CWE-440: A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically
Source: nvd
CVE-2025-6210 | P4 | MEDIUM | CVSS 6.2 | Affected: ≥ unspecified, < 0.5.2 | 2025-07-07
CWE-22: A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. The vulnerability arises from inadequate handling of hard
Source: nvd