166 matches found
PYSEC-2026-397 llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
A vulnerability was identified in the executils class of the llamaindex package, specifically within the safeeval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...
PYSEC-2026-396 llama-index-core Command Injection vulnerability
A command injection vulnerability exists in the run-llama/llamaindex repository, specifically within the safeeval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by...
PYSEC-2026-398 llama-index-packs-finchat SQL Injection vulnerability
A vulnerability in the FinanceChatLlamaPack of the llama-index-packs-finchat package, versions up to v0.3.0, allows for SQL injection in the runsqlquery function of the databaseagent. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code...
ai-dynamo (=0.1.0), bentoctl (=0.2.3) +6 more potentially affected by CVE-2026-44345 via bentoml (>=1.0.0a7 <=1.4.3)
bentoml PYPI version =1.0.0a7, =1.0.1, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.6.20 - raptor-labsdk =0.3.2 Source cves: CVE-2026-44345 Source advisory: SNYK:PYTHON-BENTOML-16642321...
Security Bulletin: Vulnerabilities in llama_index_core bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.
Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes llamaindexcore which could allow Denial of Service DoS, steal proprietary models, poison cached embeddings, conduct symlink attacks. CVE-2025-5472, CVE-2024-12911, CVE-2024-12704, CVE-2025-5302, CVE-2025-7647. Vulnerability...
ai-dynamo (=0.1.0), bentoctl (=0.2.3) +6 more potentially affected by CVE-2026-35043 via bentoml (>=1.0.0a7 <=1.4.3)
bentoml PYPI version =1.0.0a7, =1.0.1, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.6.20 - raptor-labsdk =0.3.2 Source cves: CVE-2026-35043 Source advisory: SNYK:PYTHON-BENTOML-15909743...
cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +2 more potentially affected by CVE-2026-5320 via vanna (>=0.0.30 <=2.0.2)
vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-5320 Source advisory: SNYK:PYTHON-VANNA-15873865...
cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +2 more potentially affected by CVE-2026-5321 via vanna (>=0.0.30 <=2.0.2)
vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-5321 Source advisory: SNYK:PYTHON-VANNA-15873866...
cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +2 more potentially affected by CVE-2026-4513 via vanna (>=0.0.30 <=2.0.2)
vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-4513 Source advisory: SNYK:PYTHON-VANNA-15756488...
cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +2 more potentially affected by CVE-2026-4511 via vanna (>=0.0.30 <=2.0.2)
vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-4511 Source advisory: SNYK:PYTHON-VANNA-15756186...
cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +2 more potentially affected by CVE-2026-4231 via vanna (>=0.0.30 <=2.0.2)
vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-4231 Source advisory: SNYK:PYTHON-VANNA-15674520...
cy-ai-trainer (>=0.0.1 <=0.0.2), llama-index-packs-vanna (>=0.0.1 <=0.3.0) +2 more potentially affected by CVE-2026-4230 via vanna (>=0.0.30 <=2.0.2)
vanna PYPI version =0.0.30, =0.0.1, =0.0.1, =1.0.0, =2.0.0 Source cves: CVE-2026-4230 Source advisory: SNYK:PYTHON-VANNA-15674519...
ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-27905 via bentoml (>=0.10.1 <=1.4.3)
bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2026-27905 Source advisory: OSV:GHSA-M6W7-QV66-G3MF...
Denial-of-Service (DoS)
llamaindex.core is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to uncontrolled memory consumption in SimpleDirectoryReader, where all files in a directory are loaded into memory before enforcing the numfileslimit, allowing large directories to exhaust memory and degrade or cra...
aider-chat (=0.43.0), aimon-llamaindex (>=0.0.6 <=0.0.9) +686 more potentially affected by CVE-2025-6208 via llama-index-core (>=0.10.0 <=0.12.39)
llama-index-core PYPI version =0.10.0, =0.0.6, =1.1.0, =3.0.0, =1.7.0, =1.0.0, =0.0.3, =0.2.1, =0.2.1.dev0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.1.0, =0.4.0.dev2 and more Source cves: CVE-2025-6208 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-15170850...
Allocation of Resources Without Limits or Throttling
Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the SimpleDirectoryReader class readers/file/base.py. The configured numfileslimit is respected, but enforced after all...
CVE-2025-6208
A flaw was found in llamaindex. The SimpleDirectoryReader component loads all files from a specified directory into memory before applying a user-defined file limit. This resource management flaw allows an attacker to cause uncontrolled memory consumption. This can lead to memory exhaustion and...
GHSA-488G-HW5F-X29P llama-index-core vulnerable to Uncontrolled Resource Consumption
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-6208
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-6208 Uncontrolled Memory Consumption in run-llama/llama_index
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...