6 matches found
EUVD-2025-20207
Malicious code in bioql PyPI...
GHSA-W42R-MRX7-C633 LlamaIndex has an XML Entity Expansion vulnerability in its sitemap parser
An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llamaindex repository, specifically affecting the Papers Loaders package before version 0.3.2 in llama-index v0.10.0 and above through v0.12.29. This vulnerability allows ...
LlamaIndex has an XML Entity Expansion vulnerability in its sitemap parser
An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llamaindex repository, specifically affecting the Papers Loaders package before version 0.3.2 in llama-index v0.10.0 and above through v0.12.29. This vulnerability allows ...
LlamaIndex security vulnerability
LlamaIndex is an open-source data framework for LLM applications. A security vulnerability exists in LlamaIndex version 0.12.21; it stems from an XML entity expansion vulnerability in the sitemap parser that could lead to a denial-of-service attack...
XML Entity Expansion vulnerability in Sitemap parser
Description: There is an XML entity expansion ('billion laughs') vulnerability in the sitemap parser. When a malicious sitemap XML is accessed, this results in a denial of service. Vulnerable class:
import urllib.request
import xml.etree.ElementTree as ET
from typing import List
from...
LangChain < 0.2.5 DoS
The version of LangChain installed on the remote host is prior to 0.2.5. It is, therefore, affected by a Denial-of-Service (DoS) vulnerability in the SitemapLoader class. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion...
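Both failure modes listed above, the entity bomb reaching an xml.etree.ElementTree-based sitemap parser (the LlamaIndex entries) and unbounded recursion through nested sitemap indexes (the LangChain entry), come from trusting input a sitemap loader never needs to accept. The following is an added example, my own code and not the code of either project: a sitemap parser that refuses any DTD before the XML parser sees it, and bounds index recursion with a depth limit and a visited set. The URLs, the in-memory CONSTRUCTED_SITE, and the fetch callbacks are constructed stand-ins for HTTP so it runs offline.

```python
import re
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List, Optional, Set

SITEMAP_NS = "{http://www.sitemaps.org/schemas/sitemap/0.9}"
MAX_SITEMAP_BYTES = 50 * 1024 * 1024  # sitemaps.org caps an uncompressed sitemap at 50 MiB
_DTD_MARKER = re.compile(rb"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)


class UnsafeSitemap(ValueError):
    """Raised when a document is rejected before or during sitemap parsing."""


def check_sitemap_bytes(data: bytes) -> None:
    """Reject input that has no legitimate use in a sitemap.

    A sitemap never needs a DTD, so any <!DOCTYPE or <!ENTITY declaration is
    refused outright; entity expansion ('billion laughs') therefore never
    reaches the expat-backed ElementTree parser, whatever its version does.
    """
    if len(data) > MAX_SITEMAP_BYTES:
        raise UnsafeSitemap(f"sitemap exceeds {MAX_SITEMAP_BYTES} bytes")
    if _DTD_MARKER.search(data):
        raise UnsafeSitemap("DTD or entity declaration in sitemap")


def parse_sitemap(url: str, fetch: Callable[[str], bytes], max_depth: int = 10,
                  _depth: int = 0, _seen: Optional[Set[str]] = None) -> List[str]:
    """Return page URLs reachable from `url`, following <sitemapindex> entries.

    Recursion is bounded twice: `max_depth` caps how deeply indexes may nest, and
    `_seen` stops an index that points back at itself or an ancestor, so a
    self-referential index terminates instead of recursing until the stack dies.
    """
    seen = _seen if _seen is not None else set()
    if _depth > max_depth:
        raise UnsafeSitemap(f"sitemap nesting deeper than max_depth={max_depth}")
    if url in seen:
        return []  # cycle or duplicate reference: already handled
    seen.add(url)

    data = fetch(url)
    check_sitemap_bytes(data)
    root = ET.fromstring(data)

    if root.tag == SITEMAP_NS + "sitemapindex":
        pages: List[str] = []
        for loc in root.iterfind(f"{SITEMAP_NS}sitemap/{SITEMAP_NS}loc"):
            child = (loc.text or "").strip()
            if child:
                pages.extend(parse_sitemap(child, fetch, max_depth, _depth + 1, seen))
        return pages
    if root.tag == SITEMAP_NS + "urlset":
        return [(loc.text or "").strip()
                for loc in root.iterfind(f"{SITEMAP_NS}url/{SITEMAP_NS}loc")
                if (loc.text or "").strip()]
    raise UnsafeSitemap(f"unexpected root element {root.tag!r}")


def rejected(url: str, fetch: Callable[[str], bytes], max_depth: int = 10) -> Optional[str]:
    """Return the rejection reason for `url`, or None if it parsed cleanly."""
    try:
        parse_sitemap(url, fetch, max_depth)
    except UnsafeSitemap as exc:
        return str(exc)
    return None


# Constructed, offline stand-in for HTTP: URL -> document bytes. The index at
# sitemap.xml lists itself (a cycle); evil.xml carries a deliberately small entity
# bomb (3 levels of 10, i.e. 1,000 expansions; real payloads nest around 10 levels).
CONSTRUCTED_SITE: Dict[str, bytes] = {
    "https://example.test/sitemap.xml": b"""<sitemapindex xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <sitemap><loc>https://example.test/sitemap-pages.xml</loc></sitemap>
  <sitemap><loc>https://example.test/sitemap.xml</loc></sitemap>
</sitemapindex>""",
    "https://example.test/sitemap-pages.xml": b"""<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.test/</loc></url>
  <url><loc>https://example.test/about</loc></url>
</urlset>""",
    "https://example.test/evil.xml": b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><url><loc>&lol3;</loc></url></urlset>""",
}


def fetch_constructed(url: str) -> bytes:
    return CONSTRUCTED_SITE[url]


def fetch_endless_index(url: str) -> bytes:
    """Constructed hostile server: every index points at a fresh, deeper index."""
    n = int(url.rsplit("/", 1)[1])
    return (f'<sitemapindex xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">'
            f'<sitemap><loc>https://chain.test/{n + 1}</loc></sitemap></sitemapindex>').encode()


if __name__ == "__main__":
    print(parse_sitemap("https://example.test/sitemap.xml", fetch_constructed))
    print(rejected("https://example.test/evil.xml", fetch_constructed))
    print(rejected("https://chain.test/0", fetch_endless_index, max_depth=3))
```

The DTD pre-check is deliberately blunt: libexpat 2.4.0 and later do enforce an amplification limit on entity expansion, but whether a given Python build links such a version, and where its activation threshold sits, is not something a loader should depend on. The depth limit plus visited set addresses the LangChain-style recursion independently of the entity check; a chain of distinct indexes is stopped by max_depth, and an index that references itself or an ancestor is stopped by the visited set without consuming the depth budget.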