Lucene search
K

5 matches found

CVE
CVE
added 2025/07/07 9:54 a.m.20 views

CVE-2025-3225

The CVE-2025-3225 issue affects the run-llama/llama_index project, specifically its sitemap parser, where an XML Entity Expansion (billion laughs) vulnerability exists in version v0.12.21. This can be triggered by a malicious Sitemap XML to cause Denial of Service via memory exhaustion, potential...

7.5CVSS7.3AI score0.00415EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/07/07 9:54 a.m.4 views

CVE-2025-3225 XML Entity Expansion vulnerability in run-llama/llama_index

An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llamaindex repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service DoS...

7.5CVSS7.1AI score0.00415EPSS
Exploits1References4
NVD
NVD
added 2025/06/05 5:15 a.m.15 views

CVE-2025-1793

Multiple vector store integrations in run-llama/llamaindex version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index...

9.8CVSS0.00581EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/06/05 4:54 a.m.9 views

CVE-2025-1793 SQL Injection in run-llama/llama_index

Multiple vector store integrations in run-llama/llamaindex version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index...

9.8CVSS9.8AI score0.00581EPSS
Exploits1References2
CVE
CVE
added 2025/06/05 4:54 a.m.183 views

CVE-2025-1793

CVE-2025-1793 involves multiple vector store integrations in run-llama/llama_index v0.12.21 with SQL injection (CWE-89). The vulnerability allows reading/writing data via SQL, potentially exposing data of other users depending on llama_index usage. Public documents provide concrete details across...

9.8CVSS9.8AI score0.00581EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder