38 matches found

IBM Security Bulletins
added 2026/04/06 12:34 p.m., 6 views

Security Bulletin: Vulnerabilities in llama_index_core bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.

Summary: IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes llama_index_core, which could allow an attacker to cause Denial of Service (DoS), steal proprietary models, poison cached embeddings, or conduct symlink attacks. CVE-2025-5472, CVE-2024-12911, CVE-2024-12704, CVE-2025-5302, CVE-2025-7647. Vulnerability...

CVSS 8.6 | AI score 7 | EPSS 0.00761
Exploits: 3 | Affected Software: 2

vulnersOsv
added 2026/02/02 1:58 p.m., 5 views

aider-chat (=0.43.0), aimon-llamaindex (>=0.0.6 <=0.0.9) +686 more potentially affected by CVE-2025-6208 via llama-index-core (>=0.10.0 <=0.12.39)

llama-index-core PYPI version =0.10.0, =0.0.6, =1.1.0, =3.0.0, =1.7.0, =1.0.0, =0.0.3, =0.2.1, =0.2.1.dev0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.1.0, =0.4.0.dev2 and more Source cves: CVE-2025-6208 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-15170850...

CVSS 5.3 | AI score 6 | EPSS 0.0037
Exploits: 0

Snyk
added 2026/02/02 1:58 p.m., 4 views

Allocation of Resources Without Limits or Throttling

Overview: llama-index-core is an Interface between LLMs and your data. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the SimpleDirectoryReader class (readers/file/base.py). The configured num_files_limit is respected, but enforced after all...

CVSS 6.9 | AI score 5.5 | EPSS 0.0037
Exploits: 0 | References: 2

OSV
added 2026/02/02 12:31 p.m., 2 views

GHSA-488G-HW5F-X29P llama-index-core vulnerable to Uncontrolled Resource Consumption

The SimpleDirectoryReader component in llama_index.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit num_files_limit is applied after all files in a directory are loaded into memory. Thi...

CVSS 5.3 | AI score 5.7 | EPSS 0.0037
Exploits: 0 | References: 4

OSV
added 2026/02/02 11:16 a.m., 3 views

CVE-2025-6208

The SimpleDirectoryReader component in llama_index.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit num_files_limit is applied after all files in a directory are loaded into memory. Thi...

CVSS 5.3 | AI score 5.6
Exploits: 0 | References: 2

EUVD
added 2026/02/02 10:36 a.m., 3 views

EUVD-2025-206599

The SimpleDirectoryReader component in llama_index.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit num_files_limit is applied after all files in a directory are loaded into memory. Thi...

CVSS 5.3 | AI score 5.4 | EPSS 0.0037
Exploits: 0 | References: 2

CVE
added 2026/02/02 10:36 a.m., 10 views

CVE-2025-6208

The CVE-2025-6208 issue affects llama_index.core, specifically the SimpleDirectoryReader class, where the configured num_files_limit is enforced after all files in a directory are loaded into memory. This causes uncontrolled memory consumption and potential DoS in resource-constrained environment...

CVSS 5.3 | AI score 5.4 | EPSS 0.0037
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/02 10:36 a.m., 3 views

CVE-2025-6208

The SimpleDirectoryReader component in llama_index.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit num_files_limit is applied after all files in a directory are loaded into memory. Thi...

CVSS 5.3 | AI score 5.4 | EPSS 0.0037
Exploits: 0 | References: 3

IBM Security Bulletins
added 2026/01/25 11:19 a.m., 11 views

Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed

Summary: There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2025-7647 DESCRIPTION: The llama-index-core package, up to version 0.12.44, contains a...

CVSS 8.7 | AI score 5.5 | EPSS 0.00408
Exploits: 0 | Affected Software: 1

Veracode
added 2025/11/14 4:38 a.m., 5 views

Insecure Temporary File Usage

llama-index-core is vulnerable to Insecure Temporary File Usage. The vulnerability is due to the use of a predictable hardcoded cache directory /tmp/llama_index in get_cache_dir, where attackers on multi-user Linux systems can steal cached model data, poison embeddings, or exploit symlink race...

CVSS 7.3 | AI score 6.9 | EPSS 0.00134
Exploits: 0 | References: 4 | Affected Software: 1

Snyk
added 2025/10/13 6:31 p.m., 6 views

Insecure Temporary File

Overview: llama-index-core is an Interface between LLMs and your data. Affected versions of this package are vulnerable to Insecure Temporary File due to setting the NLTK data directory to a shared, world-writable subdirectory. An attacker can overwrite, delete, or corrupt data files by exploiting...

CVSS 7.8 | AI score 6.9 | EPSS 0.00168
Exploits: 1 | References: 2

vulnersOsv
added 2025/10/13 6:31 p.m., 3 views

aider-chat (=0.43.0), aimon-llamaindex (>=0.0.6 <=0.0.9) +689 more potentially affected by CVE-2025-7707 via llama-index-core (>=0.10.0 <=0.12.48)

llama-index-core PYPI version =0.10.0, =0.0.6, =1.1.0, =3.0.0, =1.7.0, =1.0.0, =0.0.3, =0.2.1, =0.2.1.dev0, =0.2.0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.4.0 and more Source cves: CVE-2025-7707 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-13541614...

CVSS 7.8 | AI score 7 | EPSS 0.00168
Exploits: 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-31429

Malicious code in bioql PyPI...

CVSS 7.3 | AI score 7.4 | EPSS 0.00134
Exploits: 0 | References: 3

RedhatCVE
added 2025/09/30 6:8 p.m., 5 views

CVE-2025-7647

The llama-index-core package, up to version 0.12.44, contains a vulnerability in the get_cache_dir function where a predictable, hardcoded directory path /tmp/llama_index is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...

CVSS 7.3 | AI score 6.9 | EPSS 0.00134
Exploits: 0 | References: 5

OSV
added 2025/09/27 6:30 p.m., 7 views

GHSA-CR7Q-2W66-HJCM llama-index-core insecurely handles temporary files

The llama-index-core package, up to version 0.12.44, contains a vulnerability in the get_cache_dir function where a predictable, hardcoded directory path /tmp/llama_index is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...

CVSS 7.3 | AI score 6.9 | EPSS 0.00134
Exploits: 0 | References: 4

Github Security Blog
added 2025/09/27 6:30 p.m., 13 views

llama-index-core insecurely handles temporary files

The llama-index-core package, up to version 0.12.44, contains a vulnerability in the get_cache_dir function where a predictable, hardcoded directory path /tmp/llama_index is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...

CVSS 7.3 | AI score 6.9 | EPSS 0.00134
Exploits: 0 | References: 4 | Affected Software: 1

Snyk
added 2025/09/27 5:43 p.m., 1 views

Creation of Temporary File With Insecure Permissions

Overview: llama-index-core is an Interface between LLMs and your data. Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions via the get_cache_dir function, which uses a predictable and hardcoded directory path /tmp/llama_index without proper security...

CVSS 8.4 | AI score 6.9 | EPSS 0.00134
Exploits: 0 | References: 2

vulnersOsv
added 2025/09/27 5:43 p.m., 4 views

aider-chat (=0.43.0), aimon-llamaindex (>=0.0.6 <=0.0.9) +689 more potentially affected by CVE-2025-7647 via llama-index-core (>=0.10.0 <=0.12.48)

llama-index-core PYPI version =0.10.0, =0.0.6, =1.1.0, =3.0.0, =1.7.0, =1.0.0, =0.0.3, =0.2.1, =0.2.1.dev0, =0.2.0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.4.0 and more Source cves: CVE-2025-7647 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-13110240...

CVSS 7.3 | AI score 7.1 | EPSS 0.00134
Exploits: 0

NVD
added 2025/09/27 5:15 p.m., 6 views

CVE-2025-7647

The llama-index-core package, up to version 0.12.44, contains a vulnerability in the get_cache_dir function where a predictable, hardcoded directory path /tmp/llama_index is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...

CVSS 7.3 | EPSS 0.00134
Exploits: 0 | References: 2

OSV
added 2025/09/27 5:15 p.m., 4 views

CVE-2025-7647

The llama-index-core package, up to version 0.12.44, contains a vulnerability in the get_cache_dir function where a predictable, hardcoded directory path /tmp/llama_index is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...

CVSS 7.3 | AI score 6.9
Exploits: 0 | References: 2