Lucene search
K

7 matches found

Veracode
Veracode
added 2025/12/13 7:19 a.m.12 views

SQL Injection

llamaindex is vulnerable to SQL Injection. The vulnerability is due to unsafe construction of SQL queries without prepared statements in the duckdbretriever component, which allows an attacker to inject arbitrary SQL commands and execute malicious code...

9.8CVSS7.5AI score0.01311EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7043

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01311EPSS
Exploits1References3
Snyk
Snyk
added 2025/03/20 10:51 a.m.2 views

SQL Injection

Overview llama-index-retrievers-duckdb-retriever is a llama-index retrievers duckdb-retriever integration Affected versions of this package are vulnerable to SQL Injection in the retrieve function, which sends an unparameterized SQL query based on user input for the values of "search using string...

9.8CVSS7.9AI score0.01311EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.14 views

CVE-2024-11958 SQL Injection in run-llama/llama_index

A SQL injection vulnerability exists in the duckdbretriever component of the run-llama/llamaindex repository, specifically in the latest version. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an attacker to inject arbitrary SQL code. Thi...

9.8CVSS0.01311EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:10 a.m.7 views

CVE-2024-11958 SQL Injection in run-llama/llama_index

A SQL injection vulnerability exists in the duckdbretriever component of the run-llama/llamaindex repository, specifically in the latest version. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an attacker to inject arbitrary SQL code. Thi...

9.8CVSS7.9AI score0.01311EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.5 views

CVE-2024-11958 SQL Injection in run-llama/llama_index

A SQL injection vulnerability exists in the duckdbretriever component of the run-llama/llamaindex repository, specifically in the latest version. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an attacker to inject arbitrary SQL code. Thi...

9.8CVSS9.9AI score0.01311EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.5 views

PT-2025-12114

Name of the Vulnerable Software and Affected Versions run-llama/llama index versions prior to v0.4.0 Description A SQL injection vulnerability exists in the duckdb retriever component. The issue stems from constructing SQL queries without utilizing prepared statements, which allows for the...

9.8CVSS8AI score0.01311EPSS
Exploits1References11
Rows per page
Query Builder