Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/llama-index@0.11.9
Type pypi
Namespace
Name llama-index
Version 0.11.9
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.13.0
Latest_non_vulnerable_version 0.13.0
Affected_by_vulnerabilities
0
url VCID-3e26-uasv-jkbt
vulnerability_id VCID-3e26-uasv-jkbt
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12704.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12704.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-12704
reference_id
reference_type
scores
0
value 0.00351
scoring_system epss
scoring_elements 0.57788
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-12704
2
reference_url https://github.com/run-llama/llama_index
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/run-llama/llama_index
3
reference_url https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:16Z/
url https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05
4
reference_url https://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:16Z/
url https://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-12704
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-12704
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2353770
reference_id 2353770
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2353770
7
reference_url https://github.com/advisories/GHSA-j3wr-m6xh-64hg
reference_id GHSA-j3wr-m6xh-64hg
reference_type
scores
url https://github.com/advisories/GHSA-j3wr-m6xh-64hg
fixed_packages
0
url pkg:pypi/llama-index@0.12.6
purl pkg:pypi/llama-index@0.12.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bv81-mnt1-hqa1
1
vulnerability VCID-cbkj-xn1m-ckew
2
vulnerability VCID-kff2-3bue-9fep
3
vulnerability VCID-s83c-jsfw-nfg5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.6
aliases CVE-2024-12704, GHSA-j3wr-m6xh-64hg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3e26-uasv-jkbt
1
url VCID-9wyc-qhrw-jugv
vulnerability_id VCID-9wyc-qhrw-jugv
summary LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query() logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql() without enforcing query execution limits. In downstream deployments where untrusted users can supply prompts, an attacker can trigger expensive or unbounded SQL operations that exhaust CPU or memory resources, resulting in a denial-of-service condition. The vulnerable execution path occurs in llama_index/packs/vanna/base.py within custom_query().
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-58339
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.36464
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-58339
1
reference_url https://github.com/run-llama/llama_index
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T17:18:23Z/
url https://github.com/run-llama/llama_index
2
reference_url https://huntr.com/bounties/a1d6c30d-fce0-412a-bd22-14e0d4c1fa1f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T17:18:23Z/
url https://huntr.com/bounties/a1d6c30d-fce0-412a-bd22-14e0d4c1fa1f
3
reference_url https://www.llamaindex.ai/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T17:18:23Z/
url https://www.llamaindex.ai/
4
reference_url https://www.vulncheck.com/advisories/llamaindex-vannaqueryengine-sql-execution-allows-resource-exhaustion
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T17:18:23Z/
url https://www.vulncheck.com/advisories/llamaindex-vannaqueryengine-sql-execution-allows-resource-exhaustion
fixed_packages
0
url pkg:pypi/llama-index@0.12.3
purl pkg:pypi/llama-index@0.12.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3e26-uasv-jkbt
1
vulnerability VCID-bv81-mnt1-hqa1
2
vulnerability VCID-cbkj-xn1m-ckew
3
vulnerability VCID-kff2-3bue-9fep
4
vulnerability VCID-s83c-jsfw-nfg5
5
vulnerability VCID-zr9n-xmhb-ukbh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.3
aliases CVE-2024-58339, PYSEC-2026-86
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9wyc-qhrw-jugv
2
url VCID-bv81-mnt1-hqa1
vulnerability_id VCID-bv81-mnt1-hqa1
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1793.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1793.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-1793
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.18058
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-1793
2
reference_url https://github.com/run-llama/llama_index
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/run-llama/llama_index
3
reference_url https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-06-05T13:28:44Z/
url https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e
4
reference_url https://huntr.com/bounties/8cb1555a-9655-4122-b0d6-60059e79183c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-06-05T13:28:44Z/
url https://huntr.com/bounties/8cb1555a-9655-4122-b0d6-60059e79183c
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-1793
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-1793
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2370381
reference_id 2370381
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2370381
7
reference_url https://github.com/advisories/GHSA-v3c8-3pr6-gr7p
reference_id GHSA-v3c8-3pr6-gr7p
reference_type
scores
url https://github.com/advisories/GHSA-v3c8-3pr6-gr7p
fixed_packages
0
url pkg:pypi/llama-index@0.12.28
purl pkg:pypi/llama-index@0.12.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5t3g-y6z5-1bd7
1
vulnerability VCID-cbkj-xn1m-ckew
2
vulnerability VCID-kff2-3bue-9fep
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.28
aliases CVE-2025-1793, GHSA-v3c8-3pr6-gr7p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bv81-mnt1-hqa1
3
url VCID-cbkj-xn1m-ckew
vulnerability_id VCID-cbkj-xn1m-ckew
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6211.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6211.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-6211
reference_id
reference_type
scores
0
value 0.00301
scoring_system epss
scoring_elements 0.53666
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-6211
2
reference_url https://github.com/run-llama/llama_index
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/run-llama/llama_index
3
reference_url https://github.com/run-llama/llama_index/commit/29b2e07e64ed7d302b1cc058185560b28eaa1352
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-10T15:13:09Z/
url https://github.com/run-llama/llama_index/commit/29b2e07e64ed7d302b1cc058185560b28eaa1352
4
reference_url https://huntr.com/bounties/1a48a011-a3c5-4979-9ffc-9652280bc389
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-10T15:13:09Z/
url https://huntr.com/bounties/1a48a011-a3c5-4979-9ffc-9652280bc389
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6211
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6211
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2379311
reference_id 2379311
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2379311
7
reference_url https://github.com/advisories/GHSA-5hq9-5r78-2gjh
reference_id GHSA-5hq9-5r78-2gjh
reference_type
scores
url https://github.com/advisories/GHSA-5hq9-5r78-2gjh
fixed_packages
0
url pkg:pypi/llama-index@0.12.41
purl pkg:pypi/llama-index@0.12.41
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kff2-3bue-9fep
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.41
aliases CVE-2025-6211, GHSA-5hq9-5r78-2gjh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbkj-xn1m-ckew
4
url VCID-kff2-3bue-9fep
vulnerability_id VCID-kff2-3bue-9fep
summary
llama-index has Insecure Temporary File
The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, data tampering, or privilege escalation. The vulnerability arises from the use of a shared cache directory instead of a user-specific one, making it susceptible to local data tampering and denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7707.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7707.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-7707
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08379
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-7707
2
reference_url https://github.com/run-llama/llama_index
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/run-llama/llama_index
3
reference_url https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-14T14:32:21Z/
url https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4
4
reference_url https://huntr.com/bounties/3fe2c8ab-6727-4aef-a0ef-4d2818e48803
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-14T14:32:21Z/
url https://huntr.com/bounties/3fe2c8ab-6727-4aef-a0ef-4d2818e48803
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403577
reference_id 2403577
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403577
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7707
reference_id CVE-2025-7707
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7707
7
reference_url https://github.com/advisories/GHSA-rg9h-vx28-xxp5
reference_id GHSA-rg9h-vx28-xxp5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rg9h-vx28-xxp5
fixed_packages
0
url pkg:pypi/llama-index@0.13.0
purl pkg:pypi/llama-index@0.13.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.13.0
aliases CVE-2025-7707, GHSA-rg9h-vx28-xxp5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kff2-3bue-9fep
5
url VCID-s83c-jsfw-nfg5
vulnerability_id VCID-s83c-jsfw-nfg5
summary A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the `get_article_urls` method, exhausting system resources and potentially crashing the application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12910.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12910.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-12910
reference_id
reference_type
scores
0
value 0.00351
scoring_system epss
scoring_elements 0.57788
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-12910
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2025-11.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2025-11.yaml
3
reference_url https://github.com/run-llama/llama_index
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/run-llama/llama_index
4
reference_url https://github.com/run-llama/llama_index/commit/159ce485a1168100bb219dc1b93133f1121579d9
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T13:55:55Z/
url https://github.com/run-llama/llama_index/commit/159ce485a1168100bb219dc1b93133f1121579d9
5
reference_url https://huntr.com/bounties/27883f22-35ff-49df-aaa5-05031c7d6ad8
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T13:55:55Z/
url https://huntr.com/bounties/27883f22-35ff-49df-aaa5-05031c7d6ad8
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-12910
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-12910
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2353537
reference_id 2353537
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2353537
8
reference_url https://github.com/advisories/GHSA-jvpf-xf32-2w4q
reference_id GHSA-jvpf-xf32-2w4q
reference_type
scores
url https://github.com/advisories/GHSA-jvpf-xf32-2w4q
fixed_packages
0
url pkg:pypi/llama-index@0.12.9
purl pkg:pypi/llama-index@0.12.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bv81-mnt1-hqa1
1
vulnerability VCID-cbkj-xn1m-ckew
2
vulnerability VCID-kff2-3bue-9fep
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.9
aliases CVE-2024-12910, GHSA-jvpf-xf32-2w4q, PYSEC-2025-11
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s83c-jsfw-nfg5
6
url VCID-w18f-9m26-m3bj
vulnerability_id VCID-w18f-9m26-m3bj
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12911.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12911.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-12911
reference_id
reference_type
scores
0
value 0.00272
scoring_system epss
scoring_elements 0.50836
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-12911
2
reference_url https://github.com/run-llama/llama_index
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/run-llama/llama_index
3
reference_url https://github.com/run-llama/llama_index/commit/bf282074e20e7dafd5e2066137dcd4cd17c3fb9e
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:50:15Z/
url https://github.com/run-llama/llama_index/commit/bf282074e20e7dafd5e2066137dcd4cd17c3fb9e
4
reference_url https://huntr.com/bounties/095f9e67-311d-494c-99c5-5e61a0adb8f3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:50:15Z/
url https://huntr.com/bounties/095f9e67-311d-494c-99c5-5e61a0adb8f3
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-12911
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-12911
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2353719
reference_id 2353719
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2353719
7
reference_url https://github.com/advisories/GHSA-jmgm-gx32-vp4w
reference_id GHSA-jmgm-gx32-vp4w
reference_type
scores
url https://github.com/advisories/GHSA-jmgm-gx32-vp4w
fixed_packages
0
url pkg:pypi/llama-index@0.12.3
purl pkg:pypi/llama-index@0.12.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3e26-uasv-jkbt
1
vulnerability VCID-bv81-mnt1-hqa1
2
vulnerability VCID-cbkj-xn1m-ckew
3
vulnerability VCID-kff2-3bue-9fep
4
vulnerability VCID-s83c-jsfw-nfg5
5
vulnerability VCID-zr9n-xmhb-ukbh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.3
aliases CVE-2024-12911, GHSA-jmgm-gx32-vp4w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w18f-9m26-m3bj
7
url VCID-zr9n-xmhb-ukbh
vulnerability_id VCID-zr9n-xmhb-ukbh
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-12909
reference_id
reference_type
scores
0
value 0.0413
scoring_system epss
scoring_elements 0.88826
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-12909
1
reference_url https://github.com/run-llama/llama_index
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/run-llama/llama_index
2
reference_url https://github.com/run-llama/llama_index/commit/5d03c175476452db9b8abcdb7d5767dd7b310a75
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-20T17:51:29Z/
url https://github.com/run-llama/llama_index/commit/5d03c175476452db9b8abcdb7d5767dd7b310a75
3
reference_url https://github.com/run-llama/llama_index/tree/stale_packages/llama-index-packs/llama-index-packs-finchat
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/run-llama/llama_index/tree/stale_packages/llama-index-packs/llama-index-packs-finchat
4
reference_url https://huntr.com/bounties/44e8177f-200a-4ba3-a12c-8bc21e313a3f
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-20T17:51:29Z/
url https://huntr.com/bounties/44e8177f-200a-4ba3-a12c-8bc21e313a3f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-12909
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-12909
6
reference_url https://github.com/advisories/GHSA-x48g-hm9c-ww42
reference_id GHSA-x48g-hm9c-ww42
reference_type
scores
url https://github.com/advisories/GHSA-x48g-hm9c-ww42
fixed_packages
0
url pkg:pypi/llama-index@0.12.4
purl pkg:pypi/llama-index@0.12.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3e26-uasv-jkbt
1
vulnerability VCID-bv81-mnt1-hqa1
2
vulnerability VCID-cbkj-xn1m-ckew
3
vulnerability VCID-kff2-3bue-9fep
4
vulnerability VCID-s83c-jsfw-nfg5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.4
aliases CVE-2024-12909, GHSA-x48g-hm9c-ww42
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zr9n-xmhb-ukbh
Fixing_vulnerabilities
Risk_score 3.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.11.9