12 matches found
Denial-of-Service (DoS)
llama_index.core is vulnerable to Denial-of-Service (DoS). The vulnerability is due to uncontrolled memory consumption in SimpleDirectoryReader, where all files in a directory are loaded into memory before enforcing the num_files_limit, allowing large directories to exhaust memory and degrade or cra...
Allocation of Resources Without Limits or Throttling
Overview: llama-index-core is an interface between LLMs and your data. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the SimpleDirectoryReader class (readers/file/base.py). The configured num_files_limit is respected, but enforced after all...
GHSA-488G-HW5F-X29P llama-index-core vulnerable to Uncontrolled Resource Consumption
The SimpleDirectoryReader component in llama_index.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit num_files_limit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-6208
The SimpleDirectoryReader component in llama_index.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit num_files_limit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-6208 Uncontrolled Memory Consumption in run-llama/llama_index
The SimpleDirectoryReader component in llama_index.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit num_files_limit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-6208
The SimpleDirectoryReader component in llama_index.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit num_files_limit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-6208
The CVE-2025-6208 issue affects llama_index.core, specifically the SimpleDirectoryReader class, where the configured num_files_limit is enforced after all files in a directory are loaded into memory. This causes uncontrolled memory consumption and potential DoS in resource-constrained environment...
CVE-2025-6208 Uncontrolled Memory Consumption in run-llama/llama_index
The SimpleDirectoryReader component in llama_index.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit num_files_limit is applied after all files in a directory are loaded into memory. Thi...
EUVD-2023-53280
Malicious code in bioql PyPI...
CVE-2023-49287 Buffer overflow vulnerabilities in tinydir
TinyDir is a lightweight C directory and file reader. Buffer overflows in the tinydir_file_open function. This vulnerability has been patched in version 1.2.6...
TinyDir Security Vulnerability
TinyDir is a lightweight, portable and easy-to-integrate C directory and file reader. A security vulnerability exists in TinyDir versions prior to 1.2.6 that stems from the presence of a buffer overflow vulnerability...
security flaw
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow...