7 matches found
SQL Injection
llamaindex is vulnerable to SQL Injection. The vulnerability is due to unsafe construction of SQL queries without prepared statements in the duckdbretriever component, which allows an attacker to inject arbitrary SQL commands and execute malicious code...
EUVD-2025-7043
Malicious code in bioql PyPI...
SQL Injection
Overview llama-index-retrievers-duckdb-retriever is a llama-index retrievers duckdb-retriever integration Affected versions of this package are vulnerable to SQL Injection in the retrieve function, which sends an unparameterized SQL query based on user input for the values of "search using string...
CVE-2024-11958 SQL Injection in run-llama/llama_index
A SQL injection vulnerability exists in the duckdbretriever component of the run-llama/llamaindex repository, specifically in the latest version. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an attacker to inject arbitrary SQL code. Thi...
CVE-2024-11958 SQL Injection in run-llama/llama_index
A SQL injection vulnerability exists in the duckdbretriever component of the run-llama/llamaindex repository, specifically in the latest version. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an attacker to inject arbitrary SQL code. Thi...
CVE-2024-11958 SQL Injection in run-llama/llama_index
A SQL injection vulnerability exists in the duckdbretriever component of the run-llama/llamaindex repository, specifically in the latest version. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an attacker to inject arbitrary SQL code. Thi...
PT-2025-12114
Name of the Vulnerable Software and Affected Versions run-llama/llama index versions prior to v0.4.0 Description A SQL injection vulnerability exists in the duckdb retriever component. The issue stems from constructing SQL queries without utilizing prepared statements, which allows for the...