Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/llama-index-core@0.10.38
Type pypi
Namespace
Name llama-index-core
Version 0.10.38
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.13.0
Latest_non_vulnerable_version 0.13.0
Affected_by_vulnerabilities
0
url VCID-9gy4-wsap-kqde
vulnerability_id VCID-9gy4-wsap-kqde
summary The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit (`num_files_limit`) is applied after all files in a directory are loaded into memory. This can lead to memory exhaustion and degraded performance, particularly in environments with limited resources. The issue is resolved in version 0.12.41.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6208.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6208.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-6208
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06939
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-6208
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2435932
reference_id 2435932
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2435932
3
reference_url https://github.com/run-llama/llama_index/commit/53614e2f7913c0e86b58add9470b3c900b6c60b2
reference_id 53614e2f7913c0e86b58add9470b3c900b6c60b2
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:46:45Z/
url https://github.com/run-llama/llama_index/commit/53614e2f7913c0e86b58add9470b3c900b6c60b2
4
reference_url https://huntr.com/bounties/7d722bb6-6567-4608-8b23-f95048d7605a
reference_id 7d722bb6-6567-4608-8b23-f95048d7605a
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:46:45Z/
url https://huntr.com/bounties/7d722bb6-6567-4608-8b23-f95048d7605a
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6208
reference_id CVE-2025-6208
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6208
6
reference_url https://github.com/advisories/GHSA-488g-hw5f-x29p
reference_id GHSA-488g-hw5f-x29p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-488g-hw5f-x29p
fixed_packages
0
url pkg:pypi/llama-index-core@0.12.41
purl pkg:pypi/llama-index-core@0.12.41
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mbxp-d7t1-3uaa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.12.41
aliases CVE-2025-6208, GHSA-488g-hw5f-x29p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9gy4-wsap-kqde
1
url VCID-cnth-gsay-gbcw
vulnerability_id VCID-cnth-gsay-gbcw
summary A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth limit. This results in high resource consumption and potential crashes of the Python process. The issue is resolved in version 0.12.38.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5302.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5302.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-5302
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17509
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-5302
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-5302
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-5302
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2390808
reference_id 2390808
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2390808
4
reference_url https://huntr.com/bounties/70041b81-de9e-4046-8c0e-6ccd557048a6
reference_id 70041b81-de9e-4046-8c0e-6ccd557048a6
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-25T15:40:17Z/
url https://huntr.com/bounties/70041b81-de9e-4046-8c0e-6ccd557048a6
5
reference_url https://github.com/run-llama/llama_index/commit/c032843a02ce38fd8f284b2aa5a37fd1c17ae635
reference_id c032843a02ce38fd8f284b2aa5a37fd1c17ae635
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-25T15:40:17Z/
url https://github.com/run-llama/llama_index/commit/c032843a02ce38fd8f284b2aa5a37fd1c17ae635
6
reference_url https://github.com/advisories/GHSA-7753-xrfw-ch36
reference_id GHSA-7753-xrfw-ch36
reference_type
scores
url https://github.com/advisories/GHSA-7753-xrfw-ch36
7
reference_url https://access.redhat.com/errata/RHSA-2025:16514
reference_id RHSA-2025:16514
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16514
fixed_packages
0
url pkg:pypi/llama-index-core@0.12.38
purl pkg:pypi/llama-index-core@0.12.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9gy4-wsap-kqde
1
vulnerability VCID-9nry-wte8-3fbf
2
vulnerability VCID-ep9q-atzq-tffx
3
vulnerability VCID-mbxp-d7t1-3uaa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.12.38
aliases CVE-2025-5302, GHSA-7753-xrfw-ch36
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cnth-gsay-gbcw
2
url VCID-kef8-9x8x-7qbf
vulnerability_id VCID-kef8-9x8x-7qbf
summary A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler class. If the thread terminates abnormally before the _llm.predict is executed, there is no exception handling for this case, leading to an infinite loop in the get_response_gen function. This can be triggered by providing an input of an incorrect type, causing the thread to terminate and the process to continue running indefinitely.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12704.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12704.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-12704
reference_id
reference_type
scores
0
value 0.00351
scoring_system epss
scoring_elements 0.5793
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-12704
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-12704
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-12704
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2353770
reference_id 2353770
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2353770
4
reference_url https://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a
reference_id a0b638fd-21c6-4ba7-b381-6ab98472a02a
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:16Z/
url https://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a
5
reference_url https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05
reference_id d1ecfb77578d089cbe66728f18f635c09aa32a05
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:16Z/
url https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05
6
reference_url https://github.com/advisories/GHSA-j3wr-m6xh-64hg
reference_id GHSA-j3wr-m6xh-64hg
reference_type
scores
url https://github.com/advisories/GHSA-j3wr-m6xh-64hg
fixed_packages
0
url pkg:pypi/llama-index-core@0.12.6
purl pkg:pypi/llama-index-core@0.12.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9gy4-wsap-kqde
1
vulnerability VCID-cnth-gsay-gbcw
2
vulnerability VCID-ep9q-atzq-tffx
3
vulnerability VCID-m26d-a2k7-6uck
4
vulnerability VCID-mbxp-d7t1-3uaa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.12.6
aliases CVE-2024-12704, GHSA-j3wr-m6xh-64hg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kef8-9x8x-7qbf
3
url VCID-m26d-a2k7-6uck
vulnerability_id VCID-m26d-a2k7-6uck
summary The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service (DoS) by submitting deeply nested JSON structures, leading to a RecursionError and crashing applications. The root cause is the unsafe recursive traversal design and lack of depth validation, which makes the JSONReader susceptible to stack overflow when processing deeply nested JSON. This impacts the availability of services, making them unreliable and disrupting workflows. The issue is resolved in version 0.12.38.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5472.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5472.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-5472
reference_id
reference_type
scores
0
value 0.00162
scoring_system epss
scoring_elements 0.3689
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-5472
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-5472
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-5472
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2376769
reference_id 2376769
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2376769
4
reference_url https://github.com/run-llama/llama_index/commit/c032843a02ce38fd8f284b2aa5a37fd1c17ae635
reference_id c032843a02ce38fd8f284b2aa5a37fd1c17ae635
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-07T11:17:19Z/
url https://github.com/run-llama/llama_index/commit/c032843a02ce38fd8f284b2aa5a37fd1c17ae635
5
reference_url https://huntr.com/bounties/df187bda-7911-4823-a19a-e15b2c66b0d4
reference_id df187bda-7911-4823-a19a-e15b2c66b0d4
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-07T11:17:19Z/
url https://huntr.com/bounties/df187bda-7911-4823-a19a-e15b2c66b0d4
6
reference_url https://github.com/advisories/GHSA-3wxx-q3gv-pvvv
reference_id GHSA-3wxx-q3gv-pvvv
reference_type
scores
url https://github.com/advisories/GHSA-3wxx-q3gv-pvvv
fixed_packages
0
url pkg:pypi/llama-index-core@0.12.38
purl pkg:pypi/llama-index-core@0.12.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9gy4-wsap-kqde
1
vulnerability VCID-9nry-wte8-3fbf
2
vulnerability VCID-ep9q-atzq-tffx
3
vulnerability VCID-mbxp-d7t1-3uaa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.12.38
aliases CVE-2025-5472, GHSA-3wxx-q3gv-pvvv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m26d-a2k7-6uck
4
url VCID-mbxp-d7t1-3uaa
vulnerability_id VCID-mbxp-d7t1-3uaa
summary The llama-index-core package, up to version 0.12.44, contains a vulnerability in the `get_cache_dir()` function where a predictable, hardcoded directory path `/tmp/llama_index` is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal proprietary models, poison cached embeddings, or conduct symlink attacks. The issue affects all Linux deployments where multiple users share the same system. The vulnerability is classified under CWE-379, CWE-377, and CWE-367, indicating insecure temporary file creation and potential race conditions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7647.json
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7647.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-7647
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06065
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-7647
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2399917
reference_id 2399917
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2399917
3
reference_url https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4
reference_id 98816394d57c7f53f847ed7b60725e69d0e7aae4
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-29T19:26:13Z/
url https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4
4
reference_url https://huntr.com/bounties/a2baa08f-98bf-47a8-ac83-06f7411afd9e
reference_id a2baa08f-98bf-47a8-ac83-06f7411afd9e
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-29T19:26:13Z/
url https://huntr.com/bounties/a2baa08f-98bf-47a8-ac83-06f7411afd9e
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7647
reference_id CVE-2025-7647
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7647
6
reference_url https://github.com/advisories/GHSA-cr7q-2w66-hjcm
reference_id GHSA-cr7q-2w66-hjcm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cr7q-2w66-hjcm
7
reference_url https://access.redhat.com/errata/RHSA-2025:18984
reference_id RHSA-2025:18984
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18984
fixed_packages
0
url pkg:pypi/llama-index-core@0.13.0
purl pkg:pypi/llama-index-core@0.13.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.13.0
aliases CVE-2025-7647, GHSA-cr7q-2w66-hjcm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbxp-d7t1-3uaa
Fixing_vulnerabilities
0
url VCID-z131-hxnn-nyax
vulnerability_id VCID-z131-hxnn-nyax
summary An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45201.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45201.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45201
reference_id
reference_type
scores
0
value 0.00212
scoring_system epss
scoring_elements 0.43806
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45201
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2024-192.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2024-192.yaml
3
reference_url https://github.com/run-llama/llama_index/commit/bd827c30484fa085ec769fa55dc7f2add8006ac8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/run-llama/llama_index/commit/bd827c30484fa085ec769fa55dc7f2add8006ac8
4
reference_url https://github.com/run-llama/llama_index/pull/13523
reference_id 13523
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-25T18:18:17Z/
url https://github.com/run-llama/llama_index/pull/13523
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2307415
reference_id 2307415
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2307415
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45201
reference_id CVE-2024-45201
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45201
7
reference_url https://github.com/advisories/GHSA-fxc2-8m62-m85x
reference_id GHSA-fxc2-8m62-m85x
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fxc2-8m62-m85x
8
reference_url https://github.com/run-llama/llama_index/compare/v0.10.37...v0.10.38
reference_id v0.10.37...v0.10.38
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-25T18:18:17Z/
url https://github.com/run-llama/llama_index/compare/v0.10.37...v0.10.38
fixed_packages
0
url pkg:pypi/llama-index-core@0.10.38
purl pkg:pypi/llama-index-core@0.10.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9gy4-wsap-kqde
1
vulnerability VCID-cnth-gsay-gbcw
2
vulnerability VCID-kef8-9x8x-7qbf
3
vulnerability VCID-m26d-a2k7-6uck
4
vulnerability VCID-mbxp-d7t1-3uaa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.10.38
aliases CVE-2024-45201, GHSA-fxc2-8m62-m85x, PYSEC-2024-192
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z131-hxnn-nyax
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.10.38