Vanna 代码问题漏洞

Vanna is a personalized AI SQL proxy from Vanna Inc. Versions of Vanna 2.0.2 and earlier contained a code vulnerability. This vulnerability stemmed from improper handling of the updatesql/runsql functions in the file src/vanna/legacy/flask/init.py of the component Endpoint. It could lead to...

PYSEC-2026-86

LlamaIndex run-llama/llamaindex versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The customquery logic generates SQL statements from a user-supplied prompt and executes them via vn.runsql without...