Lucene search
+L

4 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-20156

Malicious code in bioql PyPI...

7.5CVSS5.2AI score0.00417EPSS
Exploits1References4
nvd
nvd
added 2025/07/06 11:15 p.m.8 views

CVE-2025-3108

A critical deserialization vulnerability exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritiz...

7.5CVSS0.00417EPSS
Exploits1References2
osv
osv
added 2025/07/06 10:47 p.m.8 views

CVE-2025-3108 Unsafe Deserialization in JsonPickleSerializer Enables Remote Code Execution in run-llama/llama_index

A critical deserialization vulnerability exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritiz...

5CVSS6.9AI score0.00417EPSS
Exploits1References4
huntr
huntr
added 2025/03/31 10:47 p.m.7 views

Unsafe `Deserialization` in `JsonPickleSerializer` Enables Remote Code Execution

Description A critical deserialization vulnerability exists in the llamaindex library’s JsonPickleSerializer component, enabling remote code execution RCE due to an insecure fallback to Python’s pickle module. When deserializing untrusted data, JsonPickleSerializer prioritizes pickle.loads, which...

7.5CVSS5.9AI score0.00417EPSS
Exploits1
Rows per page
Query Builder