Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/llama-index@0.6.38

Type pypi

Namespace

Name llama-index

Version 0.6.38

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.13.0

Latest_non_vulnerable_version 0.13.0

Affected_by_vulnerabilities

url VCID-2tnu-c9y5-9kbx

vulnerability_id VCID-2tnu-c9y5-9kbx

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-4181

reference_id

reference_type

scores

value	0.01615
scoring_system	epss
scoring_elements	0.82097
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-4181

reference_url

https://github.com/run-llama/llama_index

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/run-llama/llama_index

reference_url

https://github.com/run-llama/llama_index/commit/d73715eaf0642705583e7897c78b9c8dd2d3a7ba

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-16T16:10:22Z/

url

https://github.com/run-llama/llama_index/commit/d73715eaf0642705583e7897c78b9c8dd2d3a7ba

reference_url

https://huntr.com/bounties/1a204520-598a-434e-b13d-0d34f2a5ddc1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-16T16:10:22Z/

url

https://huntr.com/bounties/1a204520-598a-434e-b13d-0d34f2a5ddc1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-4181

reference_id

CVE-2024-4181

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-4181

reference_url

https://github.com/advisories/GHSA-pw38-xv9x-h8ch

reference_id

GHSA-pw38-xv9x-h8ch

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pw38-xv9x-h8ch

fixed_packages

url pkg:pypi/llama-index@0.10.13

purl pkg:pypi/llama-index@0.10.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3e26-uasv-jkbt

vulnerability	VCID-87xp-zjvx-h3gz

vulnerability	VCID-9wyc-qhrw-jugv

vulnerability	VCID-bv81-mnt1-hqa1

vulnerability	VCID-cbkj-xn1m-ckew

vulnerability	VCID-kff2-3bue-9fep

vulnerability	VCID-q77g-pdfy-rfdc

vulnerability	VCID-s83c-jsfw-nfg5

vulnerability	VCID-w18f-9m26-m3bj

vulnerability	VCID-zr9n-xmhb-ukbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.10.13

aliases CVE-2024-4181, GHSA-pw38-xv9x-h8ch

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2tnu-c9y5-9kbx

url VCID-3e26-uasv-jkbt

vulnerability_id VCID-3e26-uasv-jkbt

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12704.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12704.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-12704

reference_id

reference_type

scores

value	0.00351
scoring_system	epss
scoring_elements	0.57788
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-12704

reference_url

https://github.com/run-llama/llama_index

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/run-llama/llama_index

reference_url

https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:16Z/

url

https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05

reference_url

https://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:16Z/

url

https://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-12704

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-12704

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2353770
reference_id	2353770
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2353770

reference_url	https://github.com/advisories/GHSA-j3wr-m6xh-64hg
reference_id	GHSA-j3wr-m6xh-64hg
reference_type
scores
url	https://github.com/advisories/GHSA-j3wr-m6xh-64hg

fixed_packages

url pkg:pypi/llama-index@0.12.6

purl pkg:pypi/llama-index@0.12.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bv81-mnt1-hqa1

vulnerability	VCID-cbkj-xn1m-ckew

vulnerability	VCID-kff2-3bue-9fep

vulnerability	VCID-s83c-jsfw-nfg5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.6

aliases CVE-2024-12704, GHSA-j3wr-m6xh-64hg

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3e26-uasv-jkbt

url VCID-44bs-9zvm-mbby

vulnerability_id VCID-44bs-9zvm-mbby

summary An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39662

reference_id

reference_type

scores

value	0.03852
scoring_system	epss
scoring_elements	0.88402
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39662

reference_url

https://github.com/jerryjliu/llama_index

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/jerryjliu/llama_index

reference_url

https://github.com/jerryjliu/llama_index/issues/7054

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-08T20:26:03Z/

url

https://github.com/jerryjliu/llama_index/issues/7054

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2023-148.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2023-148.yaml

reference_url

https://github.com/run-llama/llama_index/commit/9f3e50a803f519af9ab62e63d413441c43001d81

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/run-llama/llama_index/commit/9f3e50a803f519af9ab62e63d413441c43001d81

reference_url

https://github.com/run-llama/llama_index/commit/aa6726706476e0f957a8d57a5ca89e519e93bad7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/run-llama/llama_index/commit/aa6726706476e0f957a8d57a5ca89e519e93bad7

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-39662

reference_id

CVE-2023-39662

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-39662

reference_url

https://github.com/advisories/GHSA-2xxc-73fv-36f7

reference_id

GHSA-2xxc-73fv-36f7

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2xxc-73fv-36f7

fixed_packages

url pkg:pypi/llama-index@0.7.14

purl pkg:pypi/llama-index@0.7.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2tnu-c9y5-9kbx

vulnerability	VCID-3e26-uasv-jkbt

vulnerability	VCID-44bs-9zvm-mbby

vulnerability	VCID-87xp-zjvx-h3gz

vulnerability	VCID-9wyc-qhrw-jugv

vulnerability	VCID-bv81-mnt1-hqa1

vulnerability	VCID-cbkj-xn1m-ckew

vulnerability	VCID-kff2-3bue-9fep

vulnerability	VCID-pwtm-tefd-kkc5

vulnerability	VCID-q77g-pdfy-rfdc

vulnerability	VCID-s83c-jsfw-nfg5

vulnerability	VCID-w18f-9m26-m3bj

vulnerability	VCID-zr9n-xmhb-ukbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.7.14

url pkg:pypi/llama-index@0.9.14

purl pkg:pypi/llama-index@0.9.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2tnu-c9y5-9kbx

vulnerability	VCID-3e26-uasv-jkbt

vulnerability	VCID-87xp-zjvx-h3gz

vulnerability	VCID-9wyc-qhrw-jugv

vulnerability	VCID-bv81-mnt1-hqa1

vulnerability	VCID-cbkj-xn1m-ckew

vulnerability	VCID-kff2-3bue-9fep

vulnerability	VCID-pwtm-tefd-kkc5

vulnerability	VCID-q77g-pdfy-rfdc

vulnerability	VCID-s83c-jsfw-nfg5

vulnerability	VCID-w18f-9m26-m3bj

vulnerability	VCID-zr9n-xmhb-ukbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.9.14

aliases CVE-2023-39662, GHSA-2xxc-73fv-36f7, PYSEC-2023-148

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44bs-9zvm-mbby

url VCID-87xp-zjvx-h3gz

vulnerability_id VCID-87xp-zjvx-h3gz

summary LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk() in llama_index/indices/managed/bge_m3/base.py. The function uses pickle.load() to deserialize multi_embed_store.pkl from a user-supplied persist_dir without validation. An attacker who can provide a crafted persist directory containing a malicious pickle file can trigger arbitrary code execution when the victim loads the index from disk.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-14021

reference_id

reference_type

scores

value	0.00171
scoring_system	epss
scoring_elements	0.38043
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-14021

reference_url

https://github.com/run-llama/llama_index

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-13T16:23:29Z/

url

https://github.com/run-llama/llama_index

reference_url

https://huntr.com/bounties/ab4ceeb4-aa85-4d1c-aaca-4eda1b71fc12

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-13T16:23:29Z/

url

https://huntr.com/bounties/ab4ceeb4-aa85-4d1c-aaca-4eda1b71fc12

reference_url

https://www.llamaindex.ai/

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-13T16:23:29Z/

url

https://www.llamaindex.ai/

reference_url

https://www.vulncheck.com/advisories/llamaindex-bgem3index-unsafe-deserialization

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-01-13T16:23:29Z/

url

https://www.vulncheck.com/advisories/llamaindex-bgem3index-unsafe-deserialization

fixed_packages

url pkg:pypi/llama-index@0.11.7

purl pkg:pypi/llama-index@0.11.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3e26-uasv-jkbt

vulnerability	VCID-9wyc-qhrw-jugv

vulnerability	VCID-bv81-mnt1-hqa1

vulnerability	VCID-cbkj-xn1m-ckew

vulnerability	VCID-kff2-3bue-9fep

vulnerability	VCID-s83c-jsfw-nfg5

vulnerability	VCID-w18f-9m26-m3bj

vulnerability	VCID-zr9n-xmhb-ukbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.11.7

aliases CVE-2024-14021, PYSEC-2026-85

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-87xp-zjvx-h3gz

url VCID-9wyc-qhrw-jugv

vulnerability_id VCID-9wyc-qhrw-jugv

summary LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query() logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql() without enforcing query execution limits In downstream deployments where untrusted users can supply prompts, an attacker can trigger expensive or unbounded SQL operations that exhaust CPU or memory resources, resulting in a denial-of-service condition. The vulnerable execution path occurs in llama_index/packs/vanna/base.py within custom_query().

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-58339

reference_id

reference_type

scores

value	0.00159
scoring_system	epss
scoring_elements	0.36464
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-58339

reference_url

https://github.com/run-llama/llama_index

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T17:18:23Z/

url

https://github.com/run-llama/llama_index

reference_url

https://huntr.com/bounties/a1d6c30d-fce0-412a-bd22-14e0d4c1fa1f

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T17:18:23Z/

url

https://huntr.com/bounties/a1d6c30d-fce0-412a-bd22-14e0d4c1fa1f

reference_url

https://www.llamaindex.ai/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T17:18:23Z/

url

https://www.llamaindex.ai/

reference_url

https://www.vulncheck.com/advisories/llamaindex-vannaqueryengine-sql-execution-allows-resource-exhaustion

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T17:18:23Z/

url

https://www.vulncheck.com/advisories/llamaindex-vannaqueryengine-sql-execution-allows-resource-exhaustion

fixed_packages

url pkg:pypi/llama-index@0.12.3

purl pkg:pypi/llama-index@0.12.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3e26-uasv-jkbt

vulnerability	VCID-bv81-mnt1-hqa1

vulnerability	VCID-cbkj-xn1m-ckew

vulnerability	VCID-kff2-3bue-9fep

vulnerability	VCID-s83c-jsfw-nfg5

vulnerability	VCID-zr9n-xmhb-ukbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.3

aliases CVE-2024-58339, PYSEC-2026-86

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9wyc-qhrw-jugv

url VCID-bv81-mnt1-hqa1

vulnerability_id VCID-bv81-mnt1-hqa1

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1793.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1793.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1793

reference_id

reference_type

scores

value	0.00057
scoring_system	epss
scoring_elements	0.18058
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1793

reference_url

https://github.com/run-llama/llama_index

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/run-llama/llama_index

reference_url

https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-06-05T13:28:44Z/

url

https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e

reference_url

https://huntr.com/bounties/8cb1555a-9655-4122-b0d6-60059e79183c

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-06-05T13:28:44Z/

url

https://huntr.com/bounties/8cb1555a-9655-4122-b0d6-60059e79183c

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-1793

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-1793

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2370381
reference_id	2370381
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2370381

reference_url	https://github.com/advisories/GHSA-v3c8-3pr6-gr7p
reference_id	GHSA-v3c8-3pr6-gr7p
reference_type
scores
url	https://github.com/advisories/GHSA-v3c8-3pr6-gr7p

fixed_packages

url pkg:pypi/llama-index@0.12.28

purl pkg:pypi/llama-index@0.12.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t3g-y6z5-1bd7

vulnerability	VCID-cbkj-xn1m-ckew

vulnerability	VCID-kff2-3bue-9fep

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.28

aliases CVE-2025-1793, GHSA-v3c8-3pr6-gr7p

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bv81-mnt1-hqa1

url VCID-cbkj-xn1m-ckew

vulnerability_id VCID-cbkj-xn1m-ckew

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6211.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6211.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6211

reference_id

reference_type

scores

value	0.00301
scoring_system	epss
scoring_elements	0.53666
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6211

reference_url

https://github.com/run-llama/llama_index

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/run-llama/llama_index

reference_url

https://github.com/run-llama/llama_index/commit/29b2e07e64ed7d302b1cc058185560b28eaa1352

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-10T15:13:09Z/

url

https://github.com/run-llama/llama_index/commit/29b2e07e64ed7d302b1cc058185560b28eaa1352

reference_url

https://huntr.com/bounties/1a48a011-a3c5-4979-9ffc-9652280bc389

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-10T15:13:09Z/

url

https://huntr.com/bounties/1a48a011-a3c5-4979-9ffc-9652280bc389

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-6211

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-6211

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2379311
reference_id	2379311
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2379311

reference_url	https://github.com/advisories/GHSA-5hq9-5r78-2gjh
reference_id	GHSA-5hq9-5r78-2gjh
reference_type
scores
url	https://github.com/advisories/GHSA-5hq9-5r78-2gjh

fixed_packages

url pkg:pypi/llama-index@0.12.41

purl pkg:pypi/llama-index@0.12.41

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kff2-3bue-9fep

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.41

aliases CVE-2025-6211, GHSA-5hq9-5r78-2gjh

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbkj-xn1m-ckew

url VCID-kff2-3bue-9fep

vulnerability_id VCID-kff2-3bue-9fep

summary

llama-index has Insecure Temporary File
The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, data tampering, or privilege escalation. The vulnerability arises from the use of a shared cache directory instead of a user-specific one, making it susceptible to local data tampering and denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7707.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7707.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-7707

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.08379
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-7707

reference_url

https://github.com/run-llama/llama_index

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/run-llama/llama_index

reference_url

https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-14T14:32:21Z/

url

https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4

reference_url

https://huntr.com/bounties/3fe2c8ab-6727-4aef-a0ef-4d2818e48803

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-14T14:32:21Z/

url

https://huntr.com/bounties/3fe2c8ab-6727-4aef-a0ef-4d2818e48803

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2403577
reference_id	2403577
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2403577

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-7707

reference_id

CVE-2025-7707

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-7707

reference_url

https://github.com/advisories/GHSA-rg9h-vx28-xxp5

reference_id

GHSA-rg9h-vx28-xxp5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rg9h-vx28-xxp5

fixed_packages

url	pkg:pypi/llama-index@0.13.0
purl	pkg:pypi/llama-index@0.13.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.13.0

aliases CVE-2025-7707, GHSA-rg9h-vx28-xxp5

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kff2-3bue-9fep

url VCID-pwtm-tefd-kkc5

vulnerability_id VCID-pwtm-tefd-kkc5

summary LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Drop the Students table" within English language input.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23751

reference_id

reference_type

scores

value	0.00213
scoring_system	epss
scoring_elements	0.43882
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23751

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2024-12.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2024-12.yaml

reference_url

https://github.com/run-llama/llama_index

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/run-llama/llama_index

reference_url

https://github.com/run-llama/llama_index/issues/9957

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-22T18:43:51Z/

url

https://github.com/run-llama/llama_index/issues/9957

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-23751

reference_id

CVE-2024-23751

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-23751

reference_url

https://github.com/advisories/GHSA-2jxw-4hm4-6w87

reference_id

GHSA-2jxw-4hm4-6w87

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2jxw-4hm4-6w87

fixed_packages

url pkg:pypi/llama-index@0.9.35

purl pkg:pypi/llama-index@0.9.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2tnu-c9y5-9kbx

vulnerability	VCID-3e26-uasv-jkbt

vulnerability	VCID-87xp-zjvx-h3gz

vulnerability	VCID-9wyc-qhrw-jugv

vulnerability	VCID-bv81-mnt1-hqa1

vulnerability	VCID-cbkj-xn1m-ckew

vulnerability	VCID-kff2-3bue-9fep

vulnerability	VCID-pwtm-tefd-kkc5

vulnerability	VCID-q77g-pdfy-rfdc

vulnerability	VCID-s83c-jsfw-nfg5

vulnerability	VCID-w18f-9m26-m3bj

vulnerability	VCID-zr9n-xmhb-ukbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.9.35

aliases CVE-2024-23751, GHSA-2jxw-4hm4-6w87, PYSEC-2024-12

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pwtm-tefd-kkc5

url VCID-q77g-pdfy-rfdc

vulnerability_id VCID-q77g-pdfy-rfdc

summary An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45201.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45201.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45201

reference_id

reference_type

scores

value	0.00212
scoring_system	epss
scoring_elements	0.43724
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45201

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2024-192.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2024-192.yaml

reference_url

https://github.com/run-llama/llama_index

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/run-llama/llama_index

reference_url

https://github.com/run-llama/llama_index/commit/bd827c30484fa085ec769fa55dc7f2add8006ac8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/run-llama/llama_index/commit/bd827c30484fa085ec769fa55dc7f2add8006ac8

reference_url

https://github.com/run-llama/llama_index/compare/v0.10.37...v0.10.38

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-25T18:18:17Z/

url

https://github.com/run-llama/llama_index/compare/v0.10.37...v0.10.38

reference_url

https://github.com/run-llama/llama_index/pull/13523

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-25T18:18:17Z/

url

https://github.com/run-llama/llama_index/pull/13523

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2307415
reference_id	2307415
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2307415

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-45201

reference_id

CVE-2024-45201

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-45201

reference_url

https://github.com/advisories/GHSA-fxc2-8m62-m85x

reference_id

GHSA-fxc2-8m62-m85x

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fxc2-8m62-m85x

fixed_packages

url pkg:pypi/llama-index@0.10.38

purl pkg:pypi/llama-index@0.10.38

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3e26-uasv-jkbt

vulnerability	VCID-87xp-zjvx-h3gz

vulnerability	VCID-9wyc-qhrw-jugv

vulnerability	VCID-bv81-mnt1-hqa1

vulnerability	VCID-cbkj-xn1m-ckew

vulnerability	VCID-kff2-3bue-9fep

vulnerability	VCID-s83c-jsfw-nfg5

vulnerability	VCID-w18f-9m26-m3bj

vulnerability	VCID-zr9n-xmhb-ukbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.10.38

aliases CVE-2024-45201, GHSA-fxc2-8m62-m85x, PYSEC-2024-192

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q77g-pdfy-rfdc

url VCID-s83c-jsfw-nfg5

vulnerability_id VCID-s83c-jsfw-nfg5

summary A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the `get_article_urls` method, exhausting system resources and potentially crashing the application.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12910.json

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12910.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-12910

reference_id

reference_type

scores

value	0.00351
scoring_system	epss
scoring_elements	0.57788
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-12910

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2025-11.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2025-11.yaml

reference_url

https://github.com/run-llama/llama_index

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/run-llama/llama_index

reference_url

https://github.com/run-llama/llama_index/commit/159ce485a1168100bb219dc1b93133f1121579d9

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T13:55:55Z/

url

https://github.com/run-llama/llama_index/commit/159ce485a1168100bb219dc1b93133f1121579d9

reference_url

https://huntr.com/bounties/27883f22-35ff-49df-aaa5-05031c7d6ad8

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T13:55:55Z/

url

https://huntr.com/bounties/27883f22-35ff-49df-aaa5-05031c7d6ad8

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-12910

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-12910

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2353537
reference_id	2353537
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2353537

reference_url	https://github.com/advisories/GHSA-jvpf-xf32-2w4q
reference_id	GHSA-jvpf-xf32-2w4q
reference_type
scores
url	https://github.com/advisories/GHSA-jvpf-xf32-2w4q

fixed_packages

url pkg:pypi/llama-index@0.12.9

purl pkg:pypi/llama-index@0.12.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bv81-mnt1-hqa1

vulnerability	VCID-cbkj-xn1m-ckew

vulnerability	VCID-kff2-3bue-9fep

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.9

aliases CVE-2024-12910, GHSA-jvpf-xf32-2w4q, PYSEC-2025-11

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s83c-jsfw-nfg5

url VCID-w18f-9m26-m3bj

vulnerability_id VCID-w18f-9m26-m3bj

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12911.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12911.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-12911

reference_id

reference_type

scores

value	0.00272
scoring_system	epss
scoring_elements	0.50836
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-12911

reference_url

https://github.com/run-llama/llama_index

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/run-llama/llama_index

reference_url

https://github.com/run-llama/llama_index/commit/bf282074e20e7dafd5e2066137dcd4cd17c3fb9e

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:50:15Z/

url

https://github.com/run-llama/llama_index/commit/bf282074e20e7dafd5e2066137dcd4cd17c3fb9e

reference_url

https://huntr.com/bounties/095f9e67-311d-494c-99c5-5e61a0adb8f3

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:50:15Z/

url

https://huntr.com/bounties/095f9e67-311d-494c-99c5-5e61a0adb8f3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-12911

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-12911

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2353719
reference_id	2353719
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2353719

reference_url	https://github.com/advisories/GHSA-jmgm-gx32-vp4w
reference_id	GHSA-jmgm-gx32-vp4w
reference_type
scores
url	https://github.com/advisories/GHSA-jmgm-gx32-vp4w

fixed_packages

url pkg:pypi/llama-index@0.12.3

purl pkg:pypi/llama-index@0.12.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3e26-uasv-jkbt

vulnerability	VCID-bv81-mnt1-hqa1

vulnerability	VCID-cbkj-xn1m-ckew

vulnerability	VCID-kff2-3bue-9fep

vulnerability	VCID-s83c-jsfw-nfg5

vulnerability	VCID-zr9n-xmhb-ukbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.3

aliases CVE-2024-12911, GHSA-jmgm-gx32-vp4w

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w18f-9m26-m3bj

url VCID-zr9n-xmhb-ukbh

vulnerability_id VCID-zr9n-xmhb-ukbh

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-12909

reference_id

reference_type

scores

value	0.0413
scoring_system	epss
scoring_elements	0.88826
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-12909

reference_url

https://github.com/run-llama/llama_index

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/run-llama/llama_index

reference_url

https://github.com/run-llama/llama_index/commit/5d03c175476452db9b8abcdb7d5767dd7b310a75

reference_id

reference_type

scores

value	10
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-20T17:51:29Z/

url

https://github.com/run-llama/llama_index/commit/5d03c175476452db9b8abcdb7d5767dd7b310a75

reference_url

https://github.com/run-llama/llama_index/tree/stale_packages/llama-index-packs/llama-index-packs-finchat

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/run-llama/llama_index/tree/stale_packages/llama-index-packs/llama-index-packs-finchat

reference_url

https://huntr.com/bounties/44e8177f-200a-4ba3-a12c-8bc21e313a3f

reference_id

reference_type

scores

value	10
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-20T17:51:29Z/

url

https://huntr.com/bounties/44e8177f-200a-4ba3-a12c-8bc21e313a3f

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-12909

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-12909

reference_url	https://github.com/advisories/GHSA-x48g-hm9c-ww42
reference_id	GHSA-x48g-hm9c-ww42
reference_type
scores
url	https://github.com/advisories/GHSA-x48g-hm9c-ww42

fixed_packages

url pkg:pypi/llama-index@0.12.4

purl pkg:pypi/llama-index@0.12.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3e26-uasv-jkbt

vulnerability	VCID-bv81-mnt1-hqa1

vulnerability	VCID-cbkj-xn1m-ckew

vulnerability	VCID-kff2-3bue-9fep

vulnerability	VCID-s83c-jsfw-nfg5

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.4

aliases CVE-2024-12909, GHSA-x48g-hm9c-ww42

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zr9n-xmhb-ukbh

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.6.38

Package Instance