38 matches found
Security Bulletin: Vulnerabilities in llama_index_core bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.
Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes llamaindexcore which could allow Denial of Service DoS, steal proprietary models, poison cached embeddings, conduct symlink attacks. CVE-2025-5472, CVE-2024-12911, CVE-2024-12704, CVE-2025-5302, CVE-2025-7647. Vulnerability...
aider-chat (=0.43.0), aimon-llamaindex (>=0.0.6 <=0.0.9) +686 more potentially affected by CVE-2025-6208 via llama-index-core (>=0.10.0 <=0.12.39)
llama-index-core PYPI version =0.10.0, =0.0.6, =1.1.0, =3.0.0, =1.7.0, =1.0.0, =0.0.3, =0.2.1, =0.2.1.dev0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.1.0, =0.4.0.dev2 and more Source cves: CVE-2025-6208 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-15170850...
Allocation of Resources Without Limits or Throttling
Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the SimpleDirectoryReader class readers/file/base.py. The configured numfileslimit is respected, but enforced after all...
GHSA-488G-HW5F-X29P llama-index-core vulnerable to Uncontrolled Resource Consumption
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-6208
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
EUVD-2025-206599
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-6208
The CVE-2025-6208 issue affects llama_index.core, specifically the SimpleDirectoryReader class, where the configured num_files_limit is enforced after all files in a directory are loaded into memory. This causes uncontrolled memory consumption and potential DoS in resource-constrained environment...
CVE-2025-6208
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed
Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-7647 DESCRIPTION: The llama-index-core package, up to version 0.12.44, contains a...
Insecure Temporary File Usage
llama-index-core is vulnerable to Insecure Temporary File Usage. The vulnerability is due to the use of a predictable hardcoded cache directory /tmp/llamaindex in getcachedir, where attackers on multi-user Linux systems can steal cached model data, poison embeddings, or exploit symlink race...
Insecure Temporary File
Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Insecure Temporary File due to setting the NLTK data directory to a shared, world-writable subdirectory. An attacker can overwrite, delete, or corrupt data files by exploiting...
aider-chat (=0.43.0), aimon-llamaindex (>=0.0.6 <=0.0.9) +689 more potentially affected by CVE-2025-7707 via llama-index-core (>=0.10.0 <=0.12.48)
llama-index-core PYPI version =0.10.0, =0.0.6, =1.1.0, =3.0.0, =1.7.0, =1.0.0, =0.0.3, =0.2.1, =0.2.1.dev0, =0.2.0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.4.0 and more Source cves: CVE-2025-7707 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-13541614...
EUVD-2025-31429
Malicious code in bioql PyPI...
CVE-2025-7647
The llama-index-core package, up to version 0.12.44, contains a vulnerability in the getcachedir function where a predictable, hardcoded directory path /tmp/llamaindex is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...
GHSA-CR7Q-2W66-HJCM llama-index-core insecurely handles temporary files
The llama-index-core package, up to version 0.12.44, contains a vulnerability in the getcachedir function where a predictable, hardcoded directory path /tmp/llamaindex is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...
llama-index-core insecurely handles temporary files
The llama-index-core package, up to version 0.12.44, contains a vulnerability in the getcachedir function where a predictable, hardcoded directory path /tmp/llamaindex is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...
Creation of Temporary File With Insecure Permissions
Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions via the getcachedir function, which uses a predictable and hardcoded directory path /tmp/llamaindex without proper security...
aider-chat (=0.43.0), aimon-llamaindex (>=0.0.6 <=0.0.9) +689 more potentially affected by CVE-2025-7647 via llama-index-core (>=0.10.0 <=0.12.48)
llama-index-core PYPI version =0.10.0, =0.0.6, =1.1.0, =3.0.0, =1.7.0, =1.0.0, =0.0.3, =0.2.1, =0.2.1.dev0, =0.2.0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.4.0 and more Source cves: CVE-2025-7647 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-13110240...
CVE-2025-7647
The llama-index-core package, up to version 0.12.44, contains a vulnerability in the getcachedir function where a predictable, hardcoded directory path /tmp/llamaindex is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...
CVE-2025-7647
The llama-index-core package, up to version 0.12.44, contains a vulnerability in the getcachedir function where a predictable, hardcoded directory path /tmp/llamaindex is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...