VulnerableCode Package Details - pkg:pypi/llama-index@0.9.38

Search for packages

Vulnerability	Summary	Fixed by
VCID-87xp-zjvx-h3gz Aliases: CVE-2024-14021 PYSEC-2026-85	LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk() in llama_index/indices/managed/bge_m3/base.py. The function uses pickle.load() to deserialize multi_embed_store.pkl from a user-supplied persist_dir without validation. An attacker who can provide a crafted persist directory containing a malicious pickle file can trigger arbitrary code execution when the victim loads the index from disk.	0.11.7 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-9wyc-qhrw-jugv Aliases: CVE-2024-58339 PYSEC-2026-86	LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query() logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql() without enforcing query execution limits In downstream deployments where untrusted users can supply prompts, an attacker can trigger expensive or unbounded SQL operations that exhaust CPU or memory resources, resulting in a denial-of-service condition. The vulnerable execution path occurs in llama_index/packs/vanna/base.py within custom_query().	0.12.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-q77g-pdfy-rfdc Aliases: CVE-2024-45201 GHSA-fxc2-8m62-m85x PYSEC-2024-192	An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}.	0.10.38 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-s83c-jsfw-nfg5 Aliases: CVE-2024-12910 PYSEC-2025-11	A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the `get_article_urls` method, exhausting system resources and potentially crashing the application.	0.12.9 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-87xp-zjvx-h3gz
Aliases:
CVE-2024-14021
PYSEC-2026-85

LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk() in llama_index/indices/managed/bge_m3/base.py. The function uses pickle.load() to deserialize multi_embed_store.pkl from a user-supplied persist_dir without validation. An attacker who can provide a crafted persist directory containing a malicious pickle file can trigger arbitrary code execution when the victim loads the index from disk.

0.11.7
Affected by 2 other vulnerabilities.

VCID-9wyc-qhrw-jugv
Aliases:
CVE-2024-58339
PYSEC-2026-86

LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query() logic generates SQL statements from a user-supplied prompt and executes them via vn.run_sql() without enforcing query execution limits In downstream deployments where untrusted users can supply prompts, an attacker can trigger expensive or unbounded SQL operations that exhaust CPU or memory resources, resulting in a denial-of-service condition. The vulnerable execution path occurs in llama_index/packs/vanna/base.py within custom_query().

0.12.3
Affected by 1 other vulnerability.

VCID-q77g-pdfy-rfdc
Aliases:
CVE-2024-45201
GHSA-fxc2-8m62-m85x
PYSEC-2024-192

An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}.

0.10.38
Affected by 3 other vulnerabilities.

VCID-s83c-jsfw-nfg5
Aliases:
CVE-2024-12910
PYSEC-2025-11

A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the `get_article_urls` method, exhausting system resources and potentially crashing the application.

0.12.9
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T20:37:04.289345+00:00	Pypa Importer	Affected by	VCID-9wyc-qhrw-jugv	https://github.com/pypa/advisory-database/blob/main/vulns/llama-index/PYSEC-2026-86.yaml	38.6.0
2026-05-30T20:37:02.521905+00:00	Pypa Importer	Affected by	VCID-87xp-zjvx-h3gz	https://github.com/pypa/advisory-database/blob/main/vulns/llama-index/PYSEC-2026-85.yaml	38.6.0
2026-05-30T20:36:09.924387+00:00	Pypa Importer	Affected by	VCID-s83c-jsfw-nfg5	https://github.com/pypa/advisory-database/blob/main/vulns/llama-index/PYSEC-2025-11.yaml	38.6.0
2026-05-30T20:34:57.426107+00:00	Pypa Importer	Affected by	VCID-q77g-pdfy-rfdc	https://github.com/pypa/advisory-database/blob/main/vulns/llama-index/PYSEC-2024-192.yaml	38.6.0