Lucene search
+L

58 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-20207

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00415EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.12 views

EUVD-2024-1292

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.02862EPSS
Exploits1References5
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-20223

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00545EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-14231

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00438EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25708

Malicious code in bioql PyPI...

8.6CVSS8.6AI score0.0026EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7043

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01311EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-16628

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.00705EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2025/08/25 3:3 p.m.1 views

CVE-2025-5302 Denial of Service (DOS) in JSONReader in run-llama/llama_index

A denial of service vulnerability exists in the JSONReader component of the run-llama/llamaindex repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth...

8.6CVSS8.3AI score0.0026EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/08/25 12:0 a.m.6 views

PT-2025-34665

Name of the Vulnerable Software and Affected Versions: run-llama/llama index versions prior to 0.12.38 Description: A denial of service issue exists in the JSONReader component. The issue is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting i...

8.6CVSS7.2AI score0.0026EPSS
Exploits0References10
cve
cve
added 2025/07/10 1:4 p.m.98 views

CVE-2025-6211

CVE-2025-6211 affects the DocugamiReader class in the run-llama/llama_index project (up to v0.12.28). It uses MD5 to generate IDs for document chunks, which can collide when chunks have identical text but different structure, causing one chunk to overwrite another and potentially losing semantica...

6.5CVSS6.4AI score0.00314EPSS
Exploits1References2Affected Software1
nvd
nvd
added 2025/07/07 1:15 p.m.9 views

CVE-2025-6209

A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...

7.5CVSS0.00545EPSS
Exploits1References2
pypa
pypa
added 2025/07/07 1:15 p.m.12 views

PYSEC-2025-65

A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...

7.5CVSS6.8AI score0.00545EPSS
Exploits1References2Affected Software1
osv
osv
added 2025/07/07 1:15 p.m.8 views

PYSEC-2025-65

A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...

7.5CVSS6.8AI score0.00545EPSS
Exploits1References2
cve
cve
added 2025/07/07 12:21 p.m.42 views

CVE-2025-6209

CVE-2025-6209: Path traversal in run-llama/llama_index affects versions 0.12.27–0.12.40, in encode_image() of generic_utils.py, allowing reading arbitrary server files via image_path input. Root cause is insufficient path validation/sanitization. Fixed in 0.12.41; remediation is upgrade to 0.12.4...

7.5CVSS7.4AI score0.00545EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2025/07/07 12:21 p.m.2 views

CVE-2025-6209 Arbitrary File Read through Path Traversal in run-llama/llama_index

A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...

7.5CVSS6.9AI score0.00545EPSS
Exploits1References2
osv
osv
added 2025/07/07 12:21 p.m.6 views

CVE-2025-6209 Arbitrary File Read through Path Traversal in run-llama/llama_index

A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...

7.5CVSS6AI score0.00545EPSS
Exploits1References4
nvd
nvd
added 2025/07/07 10:15 a.m.6 views

CVE-2025-3225

An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llamaindex repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service DoS...

7.5CVSS0.00415EPSS
Exploits1References2
nvd
nvd
added 2025/07/07 10:15 a.m.10 views

CVE-2025-3044

A vulnerability in the ArxivReader class of the run-llama/llamaindex repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each othe...

5.3CVSS0.00281EPSS
Exploits1References2
cvelist
cvelist
added 2025/07/07 9:55 a.m.11 views

CVE-2025-6210 Hardlink-Based Path Traversal in run-llama/llama_index

A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. T...

6.2CVSS0.0029EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2025/07/07 9:54 a.m.4 views

CVE-2025-3046 Path Traversal via Symbolic Links in run-llama/llama_index

A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...

7.5CVSS7AI score0.00555EPSS
Exploits1References2
Rows per page
Query Builder