VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/34112?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/34112?format=api",
    "purl": "pkg:pypi/llama-index@0.5.26",
    "type": "pypi",
    "namespace": "",
    "name": "llama-index",
    "version": "0.5.26",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "0.13.0",
    "latest_non_vulnerable_version": "0.13.0",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267441?format=api",
            "vulnerability_id": "VCID-2tnu-c9y5-9kbx",
            "summary": "",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4181",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.01615",
                            "scoring_system": "epss",
                            "scoring_elements": "0.82097",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4181"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index/commit/d73715eaf0642705583e7897c78b9c8dd2d3a7ba",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-16T16:10:22Z/"
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index/commit/d73715eaf0642705583e7897c78b9c8dd2d3a7ba"
                },
                {
                    "reference_url": "https://huntr.com/bounties/1a204520-598a-434e-b13d-0d34f2a5ddc1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-16T16:10:22Z/"
                        }
                    ],
                    "url": "https://huntr.com/bounties/1a204520-598a-434e-b13d-0d34f2a5ddc1"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4181",
                    "reference_id": "CVE-2024-4181",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4181"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-pw38-xv9x-h8ch",
                    "reference_id": "GHSA-pw38-xv9x-h8ch",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-pw38-xv9x-h8ch"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/41431?format=api",
                    "purl": "pkg:pypi/llama-index@0.10.13",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3e26-uasv-jkbt"
                        },
                        {
                            "vulnerability": "VCID-87xp-zjvx-h3gz"
                        },
                        {
                            "vulnerability": "VCID-9wyc-qhrw-jugv"
                        },
                        {
                            "vulnerability": "VCID-bv81-mnt1-hqa1"
                        },
                        {
                            "vulnerability": "VCID-cbkj-xn1m-ckew"
                        },
                        {
                            "vulnerability": "VCID-kff2-3bue-9fep"
                        },
                        {
                            "vulnerability": "VCID-q77g-pdfy-rfdc"
                        },
                        {
                            "vulnerability": "VCID-s83c-jsfw-nfg5"
                        },
                        {
                            "vulnerability": "VCID-w18f-9m26-m3bj"
                        },
                        {
                            "vulnerability": "VCID-zr9n-xmhb-ukbh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.10.13"
                }
            ],
            "aliases": [
                "CVE-2024-4181",
                "GHSA-pw38-xv9x-h8ch"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2tnu-c9y5-9kbx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/243700?format=api",
            "vulnerability_id": "VCID-3e26-uasv-jkbt",
            "summary": "",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12704.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12704.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12704",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00351",
                            "scoring_system": "epss",
                            "scoring_elements": "0.57788",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12704"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:16Z/"
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05"
                },
                {
                    "reference_url": "https://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:16Z/"
                        }
                    ],
                    "url": "https://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12704",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12704"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353770",
                    "reference_id": "2353770",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353770"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-j3wr-m6xh-64hg",
                    "reference_id": "GHSA-j3wr-m6xh-64hg",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-j3wr-m6xh-64hg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/43597?format=api",
                    "purl": "pkg:pypi/llama-index@0.12.6",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-bv81-mnt1-hqa1"
                        },
                        {
                            "vulnerability": "VCID-cbkj-xn1m-ckew"
                        },
                        {
                            "vulnerability": "VCID-kff2-3bue-9fep"
                        },
                        {
                            "vulnerability": "VCID-s83c-jsfw-nfg5"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.6"
                }
            ],
            "aliases": [
                "CVE-2024-12704",
                "GHSA-j3wr-m6xh-64hg"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3e26-uasv-jkbt"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8856?format=api",
            "vulnerability_id": "VCID-44bs-9zvm-mbby",
            "summary": "An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39662",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.03852",
                            "scoring_system": "epss",
                            "scoring_elements": "0.88402",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39662"
                },
                {
                    "reference_url": "https://github.com/jerryjliu/llama_index",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/jerryjliu/llama_index"
                },
                {
                    "reference_url": "https://github.com/jerryjliu/llama_index/issues/7054",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-08T20:26:03Z/"
                        }
                    ],
                    "url": "https://github.com/jerryjliu/llama_index/issues/7054"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2023-148.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2023-148.yaml"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index/commit/9f3e50a803f519af9ab62e63d413441c43001d81",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index/commit/9f3e50a803f519af9ab62e63d413441c43001d81"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index/commit/aa6726706476e0f957a8d57a5ca89e519e93bad7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index/commit/aa6726706476e0f957a8d57a5ca89e519e93bad7"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39662",
                    "reference_id": "CVE-2023-39662",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39662"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-2xxc-73fv-36f7",
                    "reference_id": "GHSA-2xxc-73fv-36f7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-2xxc-73fv-36f7"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/34180?format=api",
                    "purl": "pkg:pypi/llama-index@0.7.14",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2tnu-c9y5-9kbx"
                        },
                        {
                            "vulnerability": "VCID-3e26-uasv-jkbt"
                        },
                        {
                            "vulnerability": "VCID-44bs-9zvm-mbby"
                        },
                        {
                            "vulnerability": "VCID-87xp-zjvx-h3gz"
                        },
                        {
                            "vulnerability": "VCID-9wyc-qhrw-jugv"
                        },
                        {
                            "vulnerability": "VCID-bv81-mnt1-hqa1"
                        },
                        {
                            "vulnerability": "VCID-cbkj-xn1m-ckew"
                        },
                        {
                            "vulnerability": "VCID-kff2-3bue-9fep"
                        },
                        {
                            "vulnerability": "VCID-pwtm-tefd-kkc5"
                        },
                        {
                            "vulnerability": "VCID-q77g-pdfy-rfdc"
                        },
                        {
                            "vulnerability": "VCID-s83c-jsfw-nfg5"
                        },
                        {
                            "vulnerability": "VCID-w18f-9m26-m3bj"
                        },
                        {
                            "vulnerability": "VCID-zr9n-xmhb-ukbh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.7.14"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/37979?format=api",
                    "purl": "pkg:pypi/llama-index@0.9.14",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2tnu-c9y5-9kbx"
                        },
                        {
                            "vulnerability": "VCID-3e26-uasv-jkbt"
                        },
                        {
                            "vulnerability": "VCID-87xp-zjvx-h3gz"
                        },
                        {
                            "vulnerability": "VCID-9wyc-qhrw-jugv"
                        },
                        {
                            "vulnerability": "VCID-bv81-mnt1-hqa1"
                        },
                        {
                            "vulnerability": "VCID-cbkj-xn1m-ckew"
                        },
                        {
                            "vulnerability": "VCID-kff2-3bue-9fep"
                        },
                        {
                            "vulnerability": "VCID-pwtm-tefd-kkc5"
                        },
                        {
                            "vulnerability": "VCID-q77g-pdfy-rfdc"
                        },
                        {
                            "vulnerability": "VCID-s83c-jsfw-nfg5"
                        },
                        {
                            "vulnerability": "VCID-w18f-9m26-m3bj"
                        },
                        {
                            "vulnerability": "VCID-zr9n-xmhb-ukbh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.9.14"
                }
            ],
            "aliases": [
                "CVE-2023-39662",
                "GHSA-2xxc-73fv-36f7",
                "PYSEC-2023-148"
            ],
            "risk_score": 4.4,
            "exploitability": "0.5",
            "weighted_severity": "8.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44bs-9zvm-mbby"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9516?format=api",
            "vulnerability_id": "VCID-87xp-zjvx-h3gz",
            "summary": "LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk() in llama_index/indices/managed/bge_m3/base.py. The function uses pickle.load() to deserialize multi_embed_store.pkl from a user-supplied persist_dir without validation. An attacker who can provide a crafted persist directory containing a malicious pickle file can trigger arbitrary code execution when the victim loads the index from disk.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-14021",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00171",
                            "scoring_system": "epss",
                            "scoring_elements": "0.38043",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-14021"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-13T16:23:29Z/"
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index"
                },
                {
                    "reference_url": "https://huntr.com/bounties/ab4ceeb4-aa85-4d1c-aaca-4eda1b71fc12",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-13T16:23:29Z/"
                        }
                    ],
                    "url": "https://huntr.com/bounties/ab4ceeb4-aa85-4d1c-aaca-4eda1b71fc12"
                },
                {
                    "reference_url": "https://www.llamaindex.ai/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-13T16:23:29Z/"
                        }
                    ],
                    "url": "https://www.llamaindex.ai/"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/llamaindex-bgem3index-unsafe-deserialization",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "8.4",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-13T16:23:29Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/llamaindex-bgem3index-unsafe-deserialization"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/43574?format=api",
                    "purl": "pkg:pypi/llama-index@0.11.7",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3e26-uasv-jkbt"
                        },
                        {
                            "vulnerability": "VCID-9wyc-qhrw-jugv"
                        },
                        {
                            "vulnerability": "VCID-bv81-mnt1-hqa1"
                        },
                        {
                            "vulnerability": "VCID-cbkj-xn1m-ckew"
                        },
                        {
                            "vulnerability": "VCID-kff2-3bue-9fep"
                        },
                        {
                            "vulnerability": "VCID-s83c-jsfw-nfg5"
                        },
                        {
                            "vulnerability": "VCID-w18f-9m26-m3bj"
                        },
                        {
                            "vulnerability": "VCID-zr9n-xmhb-ukbh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.11.7"
                }
            ],
            "aliases": [
                "CVE-2024-14021",
                "PYSEC-2026-85"
            ],
            "risk_score": 3.5,
            "exploitability": "0.5",
            "weighted_severity": "7.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-87xp-zjvx-h3gz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9517?format=api",
            "vulnerability_id": "VCID-9wyc-qhrw-jugv",
            "summary": "LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query() logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql() without enforcing query execution limits In downstream deployments where untrusted users can supply prompts, an attacker can trigger expensive or unbounded SQL operations that exhaust CPU or memory resources, resulting in a denial-of-service condition. The vulnerable execution path occurs in llama_index/packs/vanna/base.py within custom_query().",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-58339",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00159",
                            "scoring_system": "epss",
                            "scoring_elements": "0.36464",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-58339"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T17:18:23Z/"
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index"
                },
                {
                    "reference_url": "https://huntr.com/bounties/a1d6c30d-fce0-412a-bd22-14e0d4c1fa1f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T17:18:23Z/"
                        }
                    ],
                    "url": "https://huntr.com/bounties/a1d6c30d-fce0-412a-bd22-14e0d4c1fa1f"
                },
                {
                    "reference_url": "https://www.llamaindex.ai/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T17:18:23Z/"
                        }
                    ],
                    "url": "https://www.llamaindex.ai/"
                },
                {
                    "reference_url": "https://www.vulncheck.com/advisories/llamaindex-vannaqueryengine-sql-execution-allows-resource-exhaustion",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "8.7",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T17:18:23Z/"
                        }
                    ],
                    "url": "https://www.vulncheck.com/advisories/llamaindex-vannaqueryengine-sql-execution-allows-resource-exhaustion"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/43594?format=api",
                    "purl": "pkg:pypi/llama-index@0.12.3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3e26-uasv-jkbt"
                        },
                        {
                            "vulnerability": "VCID-bv81-mnt1-hqa1"
                        },
                        {
                            "vulnerability": "VCID-cbkj-xn1m-ckew"
                        },
                        {
                            "vulnerability": "VCID-kff2-3bue-9fep"
                        },
                        {
                            "vulnerability": "VCID-s83c-jsfw-nfg5"
                        },
                        {
                            "vulnerability": "VCID-zr9n-xmhb-ukbh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.3"
                }
            ],
            "aliases": [
                "CVE-2024-58339",
                "PYSEC-2026-86"
            ],
            "risk_score": 3.4,
            "exploitability": "0.5",
            "weighted_severity": "6.8",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9wyc-qhrw-jugv"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/284072?format=api",
            "vulnerability_id": "VCID-bv81-mnt1-hqa1",
            "summary": "",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1793.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1793.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1793",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00057",
                            "scoring_system": "epss",
                            "scoring_elements": "0.18058",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1793"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-06-05T13:28:44Z/"
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e"
                },
                {
                    "reference_url": "https://huntr.com/bounties/8cb1555a-9655-4122-b0d6-60059e79183c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-06-05T13:28:44Z/"
                        }
                    ],
                    "url": "https://huntr.com/bounties/8cb1555a-9655-4122-b0d6-60059e79183c"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1793",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1793"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370381",
                    "reference_id": "2370381",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370381"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-v3c8-3pr6-gr7p",
                    "reference_id": "GHSA-v3c8-3pr6-gr7p",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-v3c8-3pr6-gr7p"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/44902?format=api",
                    "purl": "pkg:pypi/llama-index@0.12.28",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-5t3g-y6z5-1bd7"
                        },
                        {
                            "vulnerability": "VCID-cbkj-xn1m-ckew"
                        },
                        {
                            "vulnerability": "VCID-kff2-3bue-9fep"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.28"
                }
            ],
            "aliases": [
                "CVE-2025-1793",
                "GHSA-v3c8-3pr6-gr7p"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bv81-mnt1-hqa1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/315297?format=api",
            "vulnerability_id": "VCID-cbkj-xn1m-ckew",
            "summary": "",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6211.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6211.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6211",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00301",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53666",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6211"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index/commit/29b2e07e64ed7d302b1cc058185560b28eaa1352",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-10T15:13:09Z/"
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index/commit/29b2e07e64ed7d302b1cc058185560b28eaa1352"
                },
                {
                    "reference_url": "https://huntr.com/bounties/1a48a011-a3c5-4979-9ffc-9652280bc389",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-10T15:13:09Z/"
                        }
                    ],
                    "url": "https://huntr.com/bounties/1a48a011-a3c5-4979-9ffc-9652280bc389"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6211",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6211"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379311",
                    "reference_id": "2379311",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379311"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5hq9-5r78-2gjh",
                    "reference_id": "GHSA-5hq9-5r78-2gjh",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-5hq9-5r78-2gjh"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/44915?format=api",
                    "purl": "pkg:pypi/llama-index@0.12.41",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-kff2-3bue-9fep"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.41"
                }
            ],
            "aliases": [
                "CVE-2025-6211",
                "GHSA-5hq9-5r78-2gjh"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbkj-xn1m-ckew"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20429?format=api",
            "vulnerability_id": "VCID-kff2-3bue-9fep",
            "summary": "llama-index has Insecure Temporary File\nThe llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, data tampering, or privilege escalation. The vulnerability arises from the use of a shared cache directory instead of a user-specific one, making it susceptible to local data tampering and denial of service.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7707.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7707.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7707",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00027",
                            "scoring_system": "epss",
                            "scoring_elements": "0.08379",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7707"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-14T14:32:21Z/"
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4"
                },
                {
                    "reference_url": "https://huntr.com/bounties/3fe2c8ab-6727-4aef-a0ef-4d2818e48803",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-14T14:32:21Z/"
                        }
                    ],
                    "url": "https://huntr.com/bounties/3fe2c8ab-6727-4aef-a0ef-4d2818e48803"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403577",
                    "reference_id": "2403577",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403577"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7707",
                    "reference_id": "CVE-2025-7707",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7707"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rg9h-vx28-xxp5",
                    "reference_id": "GHSA-rg9h-vx28-xxp5",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rg9h-vx28-xxp5"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/69637?format=api",
                    "purl": "pkg:pypi/llama-index@0.13.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.13.0"
                }
            ],
            "aliases": [
                "CVE-2025-7707",
                "GHSA-rg9h-vx28-xxp5"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kff2-3bue-9fep"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9026?format=api",
            "vulnerability_id": "VCID-pwtm-tefd-kkc5",
            "summary": "LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via \"Drop the Students table\" within English language input.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23751",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00213",
                            "scoring_system": "epss",
                            "scoring_elements": "0.43882",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23751"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2024-12.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2024-12.yaml"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index/issues/9957",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-22T18:43:51Z/"
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index/issues/9957"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23751",
                    "reference_id": "CVE-2024-23751",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23751"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-2jxw-4hm4-6w87",
                    "reference_id": "GHSA-2jxw-4hm4-6w87",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-2jxw-4hm4-6w87"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/38019?format=api",
                    "purl": "pkg:pypi/llama-index@0.9.35",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-2tnu-c9y5-9kbx"
                        },
                        {
                            "vulnerability": "VCID-3e26-uasv-jkbt"
                        },
                        {
                            "vulnerability": "VCID-87xp-zjvx-h3gz"
                        },
                        {
                            "vulnerability": "VCID-9wyc-qhrw-jugv"
                        },
                        {
                            "vulnerability": "VCID-bv81-mnt1-hqa1"
                        },
                        {
                            "vulnerability": "VCID-cbkj-xn1m-ckew"
                        },
                        {
                            "vulnerability": "VCID-kff2-3bue-9fep"
                        },
                        {
                            "vulnerability": "VCID-pwtm-tefd-kkc5"
                        },
                        {
                            "vulnerability": "VCID-q77g-pdfy-rfdc"
                        },
                        {
                            "vulnerability": "VCID-s83c-jsfw-nfg5"
                        },
                        {
                            "vulnerability": "VCID-w18f-9m26-m3bj"
                        },
                        {
                            "vulnerability": "VCID-zr9n-xmhb-ukbh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.9.35"
                }
            ],
            "aliases": [
                "CVE-2024-23751",
                "GHSA-2jxw-4hm4-6w87",
                "PYSEC-2024-12"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pwtm-tefd-kkc5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9193?format=api",
            "vulnerability_id": "VCID-q77g-pdfy-rfdc",
            "summary": "An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45201.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45201.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45201",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00212",
                            "scoring_system": "epss",
                            "scoring_elements": "0.43724",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45201"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2024-192.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2024-192.yaml"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index/commit/bd827c30484fa085ec769fa55dc7f2add8006ac8",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index/commit/bd827c30484fa085ec769fa55dc7f2add8006ac8"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index/compare/v0.10.37...v0.10.38",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-25T18:18:17Z/"
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index/compare/v0.10.37...v0.10.38"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index/pull/13523",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-25T18:18:17Z/"
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index/pull/13523"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2307415",
                    "reference_id": "2307415",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2307415"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45201",
                    "reference_id": "CVE-2024-45201",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45201"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-fxc2-8m62-m85x",
                    "reference_id": "GHSA-fxc2-8m62-m85x",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "CRITICAL",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-fxc2-8m62-m85x"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/41456?format=api",
                    "purl": "pkg:pypi/llama-index@0.10.38",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3e26-uasv-jkbt"
                        },
                        {
                            "vulnerability": "VCID-87xp-zjvx-h3gz"
                        },
                        {
                            "vulnerability": "VCID-9wyc-qhrw-jugv"
                        },
                        {
                            "vulnerability": "VCID-bv81-mnt1-hqa1"
                        },
                        {
                            "vulnerability": "VCID-cbkj-xn1m-ckew"
                        },
                        {
                            "vulnerability": "VCID-kff2-3bue-9fep"
                        },
                        {
                            "vulnerability": "VCID-s83c-jsfw-nfg5"
                        },
                        {
                            "vulnerability": "VCID-w18f-9m26-m3bj"
                        },
                        {
                            "vulnerability": "VCID-zr9n-xmhb-ukbh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.10.38"
                }
            ],
            "aliases": [
                "CVE-2024-45201",
                "GHSA-fxc2-8m62-m85x",
                "PYSEC-2024-192"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q77g-pdfy-rfdc"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9336?format=api",
            "vulnerability_id": "VCID-s83c-jsfw-nfg5",
            "summary": "A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the `get_article_urls` method, exhausting system resources and potentially crashing the application.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12910.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12910.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12910",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00351",
                            "scoring_system": "epss",
                            "scoring_elements": "0.57788",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12910"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2025-11.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2025-11.yaml"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index/commit/159ce485a1168100bb219dc1b93133f1121579d9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T13:55:55Z/"
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index/commit/159ce485a1168100bb219dc1b93133f1121579d9"
                },
                {
                    "reference_url": "https://huntr.com/bounties/27883f22-35ff-49df-aaa5-05031c7d6ad8",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.2",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T13:55:55Z/"
                        }
                    ],
                    "url": "https://huntr.com/bounties/27883f22-35ff-49df-aaa5-05031c7d6ad8"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12910",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12910"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353537",
                    "reference_id": "2353537",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353537"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jvpf-xf32-2w4q",
                    "reference_id": "GHSA-jvpf-xf32-2w4q",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-jvpf-xf32-2w4q"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/43600?format=api",
                    "purl": "pkg:pypi/llama-index@0.12.9",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-bv81-mnt1-hqa1"
                        },
                        {
                            "vulnerability": "VCID-cbkj-xn1m-ckew"
                        },
                        {
                            "vulnerability": "VCID-kff2-3bue-9fep"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.9"
                }
            ],
            "aliases": [
                "CVE-2024-12910",
                "GHSA-jvpf-xf32-2w4q",
                "PYSEC-2025-11"
            ],
            "risk_score": 2.6,
            "exploitability": "0.5",
            "weighted_severity": "5.3",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s83c-jsfw-nfg5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/243882?format=api",
            "vulnerability_id": "VCID-w18f-9m26-m3bj",
            "summary": "",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12911.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12911.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12911",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00272",
                            "scoring_system": "epss",
                            "scoring_elements": "0.50836",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12911"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index/commit/bf282074e20e7dafd5e2066137dcd4cd17c3fb9e",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:50:15Z/"
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index/commit/bf282074e20e7dafd5e2066137dcd4cd17c3fb9e"
                },
                {
                    "reference_url": "https://huntr.com/bounties/095f9e67-311d-494c-99c5-5e61a0adb8f3",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"
                        },
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:50:15Z/"
                        }
                    ],
                    "url": "https://huntr.com/bounties/095f9e67-311d-494c-99c5-5e61a0adb8f3"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12911",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12911"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353719",
                    "reference_id": "2353719",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353719"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jmgm-gx32-vp4w",
                    "reference_id": "GHSA-jmgm-gx32-vp4w",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-jmgm-gx32-vp4w"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/43594?format=api",
                    "purl": "pkg:pypi/llama-index@0.12.3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3e26-uasv-jkbt"
                        },
                        {
                            "vulnerability": "VCID-bv81-mnt1-hqa1"
                        },
                        {
                            "vulnerability": "VCID-cbkj-xn1m-ckew"
                        },
                        {
                            "vulnerability": "VCID-kff2-3bue-9fep"
                        },
                        {
                            "vulnerability": "VCID-s83c-jsfw-nfg5"
                        },
                        {
                            "vulnerability": "VCID-zr9n-xmhb-ukbh"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.3"
                }
            ],
            "aliases": [
                "CVE-2024-12911",
                "GHSA-jmgm-gx32-vp4w"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w18f-9m26-m3bj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/243881?format=api",
            "vulnerability_id": "VCID-zr9n-xmhb-ukbh",
            "summary": "",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12909",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.0413",
                            "scoring_system": "epss",
                            "scoring_elements": "0.88826",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-12909"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "10.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index/commit/5d03c175476452db9b8abcdb7d5767dd7b310a75",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "10",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "10.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-20T17:51:29Z/"
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index/commit/5d03c175476452db9b8abcdb7d5767dd7b310a75"
                },
                {
                    "reference_url": "https://github.com/run-llama/llama_index/tree/stale_packages/llama-index-packs/llama-index-packs-finchat",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "10.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/run-llama/llama_index/tree/stale_packages/llama-index-packs/llama-index-packs-finchat"
                },
                {
                    "reference_url": "https://huntr.com/bounties/44e8177f-200a-4ba3-a12c-8bc21e313a3f",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "10",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "10.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-20T17:51:29Z/"
                        }
                    ],
                    "url": "https://huntr.com/bounties/44e8177f-200a-4ba3-a12c-8bc21e313a3f"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12909",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "10.0",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12909"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-x48g-hm9c-ww42",
                    "reference_id": "GHSA-x48g-hm9c-ww42",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-x48g-hm9c-ww42"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/43595?format=api",
                    "purl": "pkg:pypi/llama-index@0.12.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-3e26-uasv-jkbt"
                        },
                        {
                            "vulnerability": "VCID-bv81-mnt1-hqa1"
                        },
                        {
                            "vulnerability": "VCID-cbkj-xn1m-ckew"
                        },
                        {
                            "vulnerability": "VCID-kff2-3bue-9fep"
                        },
                        {
                            "vulnerability": "VCID-s83c-jsfw-nfg5"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.4"
                }
            ],
            "aliases": [
                "CVE-2024-12909",
                "GHSA-x48g-hm9c-ww42"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zr9n-xmhb-ukbh"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": "4.5",
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.5.26"
}

Package Instance