6 matches found
aiqtoolkit-llama-index (>=1.1.0 <=1.2.0rc4), airunner (>=3.0.0 <=3.1.14) +45 more potentially affected by CVE-2025-6211 via llama-index (>=0.10.0 <=0.12.38)
llama-index PYPI version =0.10.0, =1.1.0, =3.0.0, =1.0.5, =1.7.0, =0.2.53, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.0.52, =0.0.61 - intelligent-engine-core =0.1.0 - jiuwen-opensource =0.0.3 and more. Source CVEs: CVE-2025-6211. Source advisory: OSV:GHSA-5HQ9-5R78-2GJH...
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Overview: llama-index is an interface between LLMs and your data. Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') via the parsesitemap function. An attacker can exhaust system memory and potentially cause a syste...
CVE-2025-1793
A flaw was found in llama-index. SQL injection vulnerabilities exist within multiple vector store integrations in version v0.12.21, allowing an attacker to execute arbitrary SQL queries. This issue enables unauthorized reading and writing of data via crafted SQL commands. Successful exploitation...
CVE-2025-1753
LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. The vulnerability arises from the improper handling of the --files argument, which is directly passed into os.system. An attacker who controls the content of this argument can inject and execute arbitrary shell...
CVE-2025-1753
CVE-2025-1753 affects the LLama-Index CLI version v0.12.20. The vulnerability stems from the improper handling of the --files argument, which is directly passed into os.system, enabling an attacker who controls the content of this argument to inject and execute arbitrary shell commands. Impact ca...
langtrace-python-sdk (>=1.0.9 <=1.1.30), lavague (>=1.0.3.post1 <=1.0.23.post1) +8 more potentially affected by CVE-2024-45201 via llama-index (>=0.10.0 <=0.10.36)
llama-index PYPI version =0.10.0, =1.0.9, =1.0.3.post1, =0.0.0, =2.0.6, =1.0.0, =1.0.0, =0.1.0, =0.15.0, =0.26.0, =0.31.1 - void-terminal =1.1.0. Source CVEs: CVE-2024-45201. Source advisory: OSV:PYSEC-2024-192...