54 matches found
EUVD-2024-1728
Malicious code in bioql PyPI...
EUVD-2024-1326
Malicious code in bioql PyPI...
EUVD-2025-20207
Malicious code in bioql PyPI...
EUVD-2023-0125
Malicious code in bioql PyPI...
CVE-2025-5302 Denial of Service (DOS) in JSONReader in run-llama/llama_index
A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...
PYSEC-2025-65
A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the encode_image function in generic_utils.py. This vulnerability allows an attacker to manipulate the image_path input to read arbitrary files on the server, including sensitive syste...
CVE-2025-6209
CVE-2025-6209: Path traversal in run-llama/llama_index affects versions 0.12.27–0.12.40, in encode_image() of generic_utils.py, allowing reading arbitrary server files via image_path input. Root cause is insufficient path validation/sanitization. Fixed in 0.12.41; remediation is upgrade to 0.12.4...
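Added example, not code from run-llama/llama_index or from the advisories above: the traversal pattern described for CVE-2025-6209 (a caller-supplied image_path opened as-is) beside a hardened variant that resolves the path and checks that the resolved file is inside an allowed directory. The function names, the temporary directory layout and the secret file are constructed for illustration.

```python
import base64
import tempfile
from pathlib import Path


def encode_image_unsafe(image_path: str) -> str:
    # Vulnerable shape (assumed for illustration, not the project's code):
    # whatever path the caller passes is opened as-is, so "../secret.txt"
    # or an absolute path reads any file the process can read.
    with open(image_path, "rb") as f:
        return base64.b64encode(f.read()).decode("ascii")


def resolve_under(base_dir: Path, user_path: str) -> Path:
    # Resolve against the allowed directory and compare the *resolved* result,
    # so ".." segments and symlinks are collapsed before the containment check.
    # An absolute user_path replaces base in the join and is then rejected too.
    base = base_dir.resolve()
    candidate = (base / user_path).resolve()
    if candidate != base and base not in candidate.parents:
        raise ValueError(f"path escapes image directory: {user_path!r}")
    return candidate


def encode_image_safe(image_path: str, base_dir: Path) -> str:
    # Hardened variant: only regular files inside base_dir can be encoded.
    target = resolve_under(base_dir, image_path)
    if not target.is_file():
        raise FileNotFoundError(image_path)
    with open(target, "rb") as f:
        return base64.b64encode(f.read()).decode("ascii")


def demo() -> dict:
    # Constructed scenario: an images directory and a secret file beside it.
    root = Path(tempfile.mkdtemp())
    images = root / "images"
    images.mkdir()
    (images / "cat.png").write_bytes(b"\x89PNG fake image bytes")
    (root / "secret.txt").write_bytes(b"TOKEN=abc123")

    results = {}
    # Traversal through the unsafe function leaks the secret.
    results["unsafe_leak"] = base64.b64decode(
        encode_image_unsafe(str(images / ".." / "secret.txt")))
    # Legitimate use still works in the safe function.
    results["safe_ok"] = base64.b64decode(encode_image_safe("cat.png", images))
    # Relative traversal and absolute paths are both rejected.
    blocked = []
    for attempt in ("../secret.txt", str(root / "secret.txt"), "/etc/passwd"):
        try:
            encode_image_safe(attempt, images)
            blocked.append(False)
        except ValueError:
            blocked.append(True)
    results["safe_blocked"] = blocked
    return results


if __name__ == "__main__":
    print(demo())
```

The check compares resolved paths rather than string prefixes: a prefix test on the raw string would accept "images_private/x" for base "images" and would not see through symlinks placed inside the allowed directory.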
CVE-2025-5472
The CVE-2025-5472 entry concerns run-llama/llama_index’s JSONReader. Versions prior to 0.12.38 are vulnerable to a stack overflow/DoS via uncontrolled recursive JSON parsing when processing deeply nested structures. Root cause is unsafe recursive traversal with no depth validation, causing Recurs...
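Added example, not code from run-llama/llama_index, covering the recursion issue described for both CVE-2025-5302 and CVE-2025-5472: a linear depth pre-check on the raw JSON text that rejects over-deep documents before any recursive parser sees them, plus a traversal that uses an explicit stack instead of recursion. The hostile and benign inputs, the depth limit of 64 and the flatten functions are constructed for illustration; the recursive variant is the vulnerable shape, not the project's own code.

```python
import json
from typing import Any, Iterator

DEPTH = 10_000

# Constructed hostile input: 10,000 nested arrays around a single number.
# Built with string multiplication because json.dumps() itself recurses.
HOSTILE_JSON = "[" * DEPTH + "0" + "]" * DEPTH

# Constructed benign input; note the brackets inside the string literal.
BENIGN_JSON = '{"a": [1, {"b": "x]}"}]}'


def max_nesting_depth(text: str) -> int:
    # One linear pass over the raw text, before any parsing: tracks the deepest
    # bracket nesting while skipping brackets that appear inside string literals.
    depth = deepest = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth -= 1
    return deepest


def load_json_bounded(text: str, max_depth: int = 64) -> Any:
    # Reject over-deep documents before handing them to the recursive parser.
    depth = max_nesting_depth(text)
    if depth > max_depth:
        raise ValueError(f"JSON nesting depth {depth} exceeds limit {max_depth}")
    return json.loads(text)


def bounded_load_rejects(text: str, max_depth: int = 64) -> bool:
    try:
        load_json_bounded(text, max_depth)
        return False
    except ValueError:
        return True


def flatten_recursive(obj: Any, path: str = "$") -> Iterator[tuple[str, Any]]:
    # Vulnerable shape (assumed for illustration): one Python frame per level,
    # so the interpreter's recursion limit bounds the depth it can handle.
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from flatten_recursive(v, f"{path}.{k}")
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from flatten_recursive(v, f"{path}[{i}]")
    else:
        yield path, obj


def flatten_iterative(obj: Any) -> Iterator[tuple[str, Any]]:
    # Same traversal with an explicit stack: depth is bounded by heap memory,
    # not by the call stack, and leaves come out in document order.
    stack = [("$", obj)]
    while stack:
        path, node = stack.pop()
        if isinstance(node, dict):
            for k, v in reversed(list(node.items())):
                stack.append((f"{path}.{k}", v))
        elif isinstance(node, list):
            for i, v in reversed(list(enumerate(node))):
                stack.append((f"{path}[{i}]", v))
        else:
            yield path, node


def deep_object(levels: int) -> Any:
    # Build a nested list iteratively for the traversal comparison.
    obj: Any = 0
    for _ in range(levels):
        obj = [obj]
    return obj


def recursive_walk_overflows(obj: Any) -> bool:
    try:
        list(flatten_recursive(obj))
        return False
    except RecursionError:
        return True
```

The pre-check matters because json.loads() is itself recursive: a document that is too deep will raise RecursionError inside the parser, and catching that after the fact still lets an attacker control how much stack the process consumes. Checking depth on the raw bytes costs one pass and fails before any of that work is done.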
CVE-2025-3044 MD5 Hash Collision in run-llama/llama_index
A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each othe...
CVE-2025-3225 XML Entity Expansion vulnerability in run-llama/llama_index
An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS)...
CVE-2025-3225
The CVE-2025-3225 issue affects the run-llama/llama_index project, specifically its sitemap parser, where an XML Entity Expansion (billion laughs) vulnerability exists in version v0.12.21. This can be triggered by a malicious Sitemap XML to cause Denial of Service via memory exhaustion, potential...
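Added example, not code from run-llama/llama_index, for the entity expansion issue described under CVE-2025-3225: a sitemap parser that expands internal DTD entities unconditionally, beside one built on expat that aborts at the first entity declaration, before any expansion can happen. The sitemap documents are constructed; the hostile one is kept at two entity levels (100 expansions) so that running it is harmless.

```python
import xml.parsers.expat
from xml.etree import ElementTree as ET

# Constructed sitemap carrying an internal DTD with chained entities.
# Deliberately two levels deep (100 expansions); a real payload chains
# about ten levels for roughly 10^9 expansions from a few hundred bytes.
BILLION_LAUGHS = """<?xml version="1.0"?>
<!DOCTYPE urlset [
  <!ENTITY lol "lol">
  <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
]>
<urlset><url><loc>&lol2;</loc></url></urlset>"""

# Constructed benign sitemap.
SITEMAP = """<?xml version="1.0"?>
<urlset>
  <url><loc>https://example.com/a</loc></url>
  <url><loc>https://example.com/b</loc></url>
</urlset>"""


def naive_expanded_length(data: str) -> int:
    # Vulnerable shape: a parser that expands internal entities unconditionally.
    # The size of the result is what the attacker controls.
    root = ET.fromstring(data)
    return sum(len(loc.text or "") for loc in root.iter("loc"))


class EntityDeclarationError(ValueError):
    pass


def parse_sitemap_locs(data: str) -> list[str]:
    # Hardened parser: expat's EntityDeclHandler fires for every <!ENTITY ...>
    # in the DTD, before any reference is expanded; raising there aborts the
    # parse and the exception propagates out of Parse().
    locs: list[str] = []
    buf: list[str] = []
    in_loc = False
    parser = xml.parsers.expat.ParserCreate()

    def on_entity_decl(name, *_):
        raise EntityDeclarationError(f"entity declaration {name!r} rejected")

    def on_start(name, _attrs):
        nonlocal in_loc
        if name == "loc":
            in_loc = True
            buf.clear()

    def on_end(name):
        nonlocal in_loc
        if name == "loc":
            in_loc = False
            locs.append("".join(buf).strip())

    def on_chars(text):
        if in_loc:
            buf.append(text)

    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = on_chars
    parser.Parse(data, True)
    return locs


def hardened_parser_rejects(data: str) -> bool:
    try:
        parse_sitemap_locs(data)
        return False
    except EntityDeclarationError:
        return True
```

A sitemap has no legitimate need for a DTD at all, so rejecting any entity declaration loses nothing. Recent libexpat releases also cap entity amplification by default, but that limit only activates once the expanded output is already megabytes in size; refusing declarations outright keeps the decision in your own code.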
CVE-2025-1793
Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index...
CVE-2025-1793 SQL Injection in run-llama/llama_index
Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index...
CVE-2025-1793
CVE-2025-1793 involves multiple vector store integrations in run-llama/llama_index v0.12.21 with SQL injection (CWE-89). The vulnerability allows reading/writing data via SQL, potentially exposing data of other users depending on llama_index usage. Public documents provide concrete details across...
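Added example, not code from run-llama/llama_index or any of its vector store integrations, for the injection class described under CVE-2025-1793: a metadata filter whose key and value are pasted into the statement, beside the hardened form that binds the value as a parameter and allow-lists the column name (identifiers cannot be bound, so they need a separate check). The table, rows, filter keys and payload are constructed; SQLite stands in for whatever backend the integration talks to.

```python
import sqlite3

# Allow-listed metadata columns: identifiers cannot be bound as parameters,
# so a filter key must be checked against a fixed set before it is quoted in.
ALLOWED_FILTER_KEYS = frozenset({"owner", "category"})

# Constructed attacker-controlled filter value.
PAYLOAD = "alice' OR '1'='1"


def make_store() -> sqlite3.Connection:
    # Constructed in-memory table standing in for a vector store's metadata table.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE nodes (id INTEGER PRIMARY KEY, owner TEXT, category TEXT, text TEXT)"
    )
    conn.executemany(
        "INSERT INTO nodes (owner, category, text) VALUES (?, ?, ?)",
        [("alice", "notes", "alice private note"),
         ("bob", "notes", "bob private note"),
         ("carol", "invoices", "carol invoice")],
    )
    conn.commit()
    return conn


def filter_unsafe(conn: sqlite3.Connection, key: str, value: str) -> list[str]:
    # Vulnerable shape (assumed for illustration): the caller's filter key and
    # value are pasted into the statement text, so both are interpreted as SQL.
    sql = f"SELECT text FROM nodes WHERE {key} = '{value}'"
    return [row[0] for row in conn.execute(sql)]


def filter_safe(conn: sqlite3.Connection, key: str, value: str) -> list[str]:
    # Hardened shape: identifier from an allow-list, value bound as a parameter
    # so it is never interpreted as SQL no matter what it contains.
    if key not in ALLOWED_FILTER_KEYS:
        raise ValueError(f"unsupported filter key {key!r}")
    sql = f'SELECT text FROM nodes WHERE "{key}" = ?'
    return [row[0] for row in conn.execute(sql, (value,))]


def demo() -> dict:
    conn = make_store()
    results = {
        "unsafe_normal": filter_unsafe(conn, "owner", "alice"),
        # Tautology in the value: every user's rows come back.
        "unsafe_injected_value": filter_unsafe(conn, "owner", PAYLOAD),
        # Tautology in the key: same effect through the other input.
        "unsafe_injected_key": filter_unsafe(conn, "1=1 OR owner", "nobody"),
        "safe_normal": filter_safe(conn, "owner", "alice"),
        # Bound parameter: the payload is compared literally and matches nothing.
        "safe_injected_value": filter_safe(conn, "owner", PAYLOAD),
    }
    try:
        filter_safe(conn, "1=1 OR owner", "nobody")
        results["safe_bad_key"] = False
    except ValueError:
        results["safe_bad_key"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The "unauthorized access to data of other users" in the advisory is exactly the first injected case: a per-user metadata filter is the tenancy boundary in many RAG deployments, and a tautology in the filter value removes it.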
CVE-2023-39662
An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...
CVE-2025-1752
A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version latest (v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the max_depth...
CVE-2025-1752 Denial of Service in run-llama/llama_index
A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version latest (v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the max_depth...