6 matches found
EUVD-2025-6982
Malicious code in bioql PyPI...
llama-index-packs-finchat SQL Injection vulnerability
A vulnerability in the FinanceChatLlamaPack of the llama-index-packs-finchat package, versions up to v0.3.0, allows for SQL injection in the run_sql_query function of the database_agent. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code...
CVE-2024-12909
A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the run_sql_query function of the database_agent. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code executi...
CVE-2024-12909
A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the run_sql_query function of the database_agent. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code executi...
CVE-2024-12909
CVE-2024-12909 affects the FinanceChatLlamaPack within the run-llama/llama_index project (up to v0.12.3). The root cause is an SQL injection in the database_agent’s run_sql_query function, which can be exploited to inject arbitrary SQL and trigger remote code execution through PostgreSQL large ob...
PT-2025-12156 · Unknown +1 · Run-Llama/Llama Index +1
Name of the Vulnerable Software and Affected Versions: llama-index-packs-finchat versions up to v0.3.0; run-llama/llama_index versions up to v0.12.3. Description: A vulnerability exists in the FinanceChatLlamaPack component, allowing for SQL injection in the run_sql_query function within the databa...