15 matches found
Allocation of Resources Without Limits or Throttling
Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the SimpleDirectoryReader class readers/file/base.py. The configured numfileslimit is respected, but enforced after all...
llama-index-core vulnerable to Uncontrolled Resource Consumption
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
GHSA-488G-HW5F-X29P llama-index-core vulnerable to Uncontrolled Resource Consumption
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-6208
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-6208 Uncontrolled Memory Consumption in run-llama/llama_index
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-6208
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
CVE-2025-6208 Uncontrolled Memory Consumption in run-llama/llama_index
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
EUVD-2025-206599
The SimpleDirectoryReader component in llamaindex.core version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit numfileslimit is applied after all files in a directory are loaded into memory. Thi...
LlamaIndex vulnerable to Path Traversal attack through its encode_image function
A path traversal vulnerability exists in run-llama/llamaindex versions 0.11.23 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...
PYSEC-2025-65
A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...
PYSEC-2025-65
A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the encodeimage function. An attacker can access arbitrary files on the server by supplying crafted imagepath values...
CVE-2025-6209
CVE-2025-6209: Path traversal in run-llama/llama_index affects versions 0.12.27–0.12.40, in encode_image() of generic_utils.py, allowing reading arbitrary server files via image_path input. Root cause is insufficient path validation/sanitization. Fixed in 0.12.41; remediation is upgrade to 0.12.4...
Deserialization of Untrusted Data
Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JsonPickleSerializer process. An attacker can execute arbitrary code by submitting specially crafted serialized data that triggers the...
Deserialization of Untrusted Data
Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JsonPickleSerializer process. An attacker can execute arbitrary code by submitting specially crafted serialized data that triggers the...