12 matches found
EUVD-2025-20156
Malicious code in bioql PyPI...
CVE-2025-3108
A critical deserialization vulnerability exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritiz...
Remote Code Execution (RCE)
llama-index-core is vulnerable to Remote Code Execution RCE. The vulnerability is due to the JsonPickleSerializer component falling back to Python’s pickle.loads without proper input validation, allowing execution of arbitrary code from untrusted data...
GHSA-M84C-4C34-28GF LlamaIndex has Incomplete Documentation of Program Execution related to JsonPickleSerializer component
Incomplete Documentation of Program Execution exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer...
LlamaIndex has Incomplete Documentation of Program Execution related to JsonPickleSerializer component
Incomplete Documentation of Program Execution exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer...
Deserialization of Untrusted Data
Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JsonPickleSerializer process. An attacker can execute arbitrary code by submitting specially crafted serialized data that triggers the...
CVE-2025-3108
A critical deserialization vulnerability exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritiz...
CVE-2025-3108
A critical deserialization vulnerability exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritiz...
CVE-2025-3108 Unsafe Deserialization in JsonPickleSerializer Enables Remote Code Execution in run-llama/llama_index
A critical deserialization vulnerability exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritiz...
CVE-2025-3108 Unsafe Deserialization in JsonPickleSerializer Enables Remote Code Execution in run-llama/llama_index
A critical deserialization vulnerability exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritiz...
CVE-2025-3108
CVE-2025-3108 affects run-llama/llama_index, specifically the JsonPickleSerializer in versions v0.12.27–v0.12.40. The root cause is an insecure fallback to Python’s pickle during deserialization, enabling remote code execution if untrusted data is processed. The impact can be full system compromi...
PT-2025-28091 · Unknown · Llama Index
Name of the Vulnerable Software and Affected Versions: llama index versions v0.12.27 through v0.12.40 Description: A critical deserialization vulnerability exists in the JsonPickleSerializer component of the llama index library. This vulnerability allows remote code execution due to an insecure...