GHSA-P7J4-JWJF-5X9W LlamaIndex vulnerability in ArxivReader class can cause MD5 hash collisions

A vulnerability in the ArxivReader class of the run-llama/llamaindex repository allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from...

CVE-2025-3044

The CVE-2025-3044 affects the ArxivReader class in the llama_index project. Versions up to v0.12.22.post1 are vulnerable to MD5 hash collisions when generating filenames for downloaded papers, which can cause papers with identical titles but different contents to overwrite each other, leading to ...

PT-2025-28148 · Unknown · Llama Index

Name of the Vulnerable Software and Affected Versions: llama index versions up to v0.12.22.post1 Description: A vulnerability in the ArxivReader class allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but...

MD5 Hash Collision Causes Overwriting of Papers with the Same Title, Leading to Data Loss

Description The ArxivReader class in LlamaIndex is responsible for searching for papers on ArXiv, downloading them, and processing them for AI model training. The workflow of ArxivReader is as follows: 1. The user searches for a specific topic on ArXiv, retrieving a list of relevant papers. impor...