cvebase

Run-Llama Llama Index vulnerabilities

24 known vulnerabilities affecting run-llama/run-llama_llama_index.

Total CVEs: 24
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 12, MEDIUM 6

Vulnerabilities

Page 2 of 2
CVE-2025-5472 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 0.12.38 | 2025-07-07
CWE-674: The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service (DoS) by submitting deeply nested JSON structures, leading to a RecursionError and crashing applications. The root cause is the unsafe recursive traver
Source: nvd

CVE-2025-6208 | P4 | MEDIUM | CVSS 5.3 | ≥ unspecified, < 0.12.41 | 2026-02-02
CWE-400: The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit (`num_files_limit`) is applied after all files in a directory are loaded into memory. This can lead to memory exhaustion and degraded
Source: nvd

CVE-2025-3044 | P4 | MEDIUM | CVSS 5.3 | ≥ unspecified, < 0.12.28 | 2025-07-07
CWE-440: A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from being processed for AI m
Source: nvd

CVE-2024-12910 | P4 | MEDIUM | CVSS 5.9 | ≥ unspecified, < 0.3.3 | 2025-03-20
CWE-674: A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the `get_article_urls` method, exhausting system resources and potentially crashing the a
Source: nvd