{"url":"http://public2.vulnerablecode.io/api/packages/38483?format=json","purl":"pkg:pypi/llama-index-core@0.12.41","type":"pypi","namespace":"","name":"llama-index-core","version":"0.12.41","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.13.0","latest_non_vulnerable_version":"0.13.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106735?format=json","vulnerability_id":"VCID-mbxp-d7t1-3uaa","summary":"The llama-index-core package, up to version 0.12.44, contains a vulnerability in the `get_cache_dir()` function where a predictable, hardcoded directory path `/tmp/llama_index` is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal proprietary models, poison cached embeddings, or conduct symlink attacks. The issue affects all Linux deployments where multiple users share the same system. The vulnerability is classified under CWE-379, CWE-377, and CWE-367, indicating insecure temporary file creation and potential race conditions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7647.json","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7647.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7647","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06065","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06086","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7647"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2399917","reference_id":"2399917","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2399917"},{"reference_url":"https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4","reference_id":"98816394d57c7f53f847ed7b60725e69d0e7aae4","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-29T19:26:13Z/"}],"url":"https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4"},{"reference_url":"https://huntr.com/bounties/a2baa08f-98bf-47a8-ac83-06f7411afd9e","reference_id":"a2baa08f-98bf-47a8-ac83-06f7411afd9e","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-29T19:26:13Z/"}],"url":"https://huntr.com/bounties/a2baa08f-98bf-47a8-ac83-06f7411afd9e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7647","reference_id":"CVE-2025-7647","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7647"},{"reference_url":"https://github.com/advisories/GHSA-cr7q-2w66-hjcm","reference_id":"GHSA-cr7q-2w66-hjcm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cr7q-2w66-hjcm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18984","reference_id":"RHSA-2025:18984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18984"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33984?format=json","purl":"pkg:pypi/llama-index-core@0.13.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.13.0"}],"aliases":["CVE-2025-7647","GHSA-cr7q-2w66-hjcm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbxp-d7t1-3uaa"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110903?format=json","vulnerability_id":"VCID-9gy4-wsap-kqde","summary":"The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit (`num_files_limit`) is applied after all files in a directory are loaded into memory. This can lead to memory exhaustion and degraded performance, particularly in environments with limited resources. The issue is resolved in version 0.12.41.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6208.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6208.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6208","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06969","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06939","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6208"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2435932","reference_id":"2435932","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2435932"},{"reference_url":"https://github.com/run-llama/llama_index/commit/53614e2f7913c0e86b58add9470b3c900b6c60b2","reference_id":"53614e2f7913c0e86b58add9470b3c900b6c60b2","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:46:45Z/"}],"url":"https://github.com/run-llama/llama_index/commit/53614e2f7913c0e86b58add9470b3c900b6c60b2"},{"reference_url":"https://huntr.com/bounties/7d722bb6-6567-4608-8b23-f95048d7605a","reference_id":"7d722bb6-6567-4608-8b23-f95048d7605a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:46:45Z/"}],"url":"https://huntr.com/bounties/7d722bb6-6567-4608-8b23-f95048d7605a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6208","reference_id":"CVE-2025-6208","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6208"},{"reference_url":"https://github.com/advisories/GHSA-488g-hw5f-x29p","reference_id":"GHSA-488g-hw5f-x29p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-488g-hw5f-x29p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38483?format=json","purl":"pkg:pypi/llama-index-core@0.12.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mbxp-d7t1-3uaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.12.41"}],"aliases":["CVE-2025-6208","GHSA-488g-hw5f-x29p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gy4-wsap-kqde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110953?format=json","vulnerability_id":"VCID-9nry-wte8-3fbf","summary":"A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the server, including sensitive system files. The issue arises due to improper validation or sanitization of the file path, enabling path traversal sequences to access files outside the intended directory. The vulnerability is fixed in version 0.12.41.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6209.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6209.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6209","reference_id":"","reference_type":"","scores":[{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63783","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63885","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6209"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2025-65.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2025-65.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6209","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6209"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376808","reference_id":"2376808","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376808"},{"reference_url":"https://github.com/run-llama/llama_index/commit/cdeaab91a204d1c3527f177dac37390327aef274","reference_id":"cdeaab91a204d1c3527f177dac37390327aef274","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-07T13:45:44Z/"}],"url":"https://github.com/run-llama/llama_index/commit/cdeaab91a204d1c3527f177dac37390327aef274"},{"reference_url":"https://huntr.com/bounties/e89d14f8-bfe8-4c9a-bb2a-656c01cc9a68","reference_id":"e89d14f8-bfe8-4c9a-bb2a-656c01cc9a68","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-07T13:45:44Z/"}],"url":"https://huntr.com/bounties/e89d14f8-bfe8-4c9a-bb2a-656c01cc9a68"},{"reference_url":"https://github.com/advisories/GHSA-2rhq-96q8-4vjq","reference_id":"GHSA-2rhq-96q8-4vjq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2rhq-96q8-4vjq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38483?format=json","purl":"pkg:pypi/llama-index-core@0.12.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mbxp-d7t1-3uaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.12.41"}],"aliases":["CVE-2025-6209","GHSA-2rhq-96q8-4vjq","PYSEC-2025-65"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nry-wte8-3fbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/127030?format=json","vulnerability_id":"VCID-ep9q-atzq-tffx","summary":"A critical deserialization vulnerability exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritizes deserialization using pickle.loads(), which can execute arbitrary code when processing untrusted data. Attackers can exploit this by crafting malicious payloads to achieve full system compromise. The root cause includes an insecure fallback mechanism, lack of validation or safeguards, misleading design, and violation of Python security guidelines.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3108","reference_id":"","reference_type":"","scores":[{"value":"0.01612","scoring_system":"epss","scoring_elements":"0.82248","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01612","scoring_system":"epss","scoring_elements":"0.82187","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3108"},{"reference_url":"https://github.com/run-llama/llama_index/blob/v0.12.41/CHANGELOG.md#llama-index-core-01241","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/run-llama/llama_index/blob/v0.12.41/CHANGELOG.md#llama-index-core-01241"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3108","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3108"},{"reference_url":"https://github.com/run-llama/llama_index/commit/702e4340623092fac4cf2fe95eb9465034856da3","reference_id":"702e4340623092fac4cf2fe95eb9465034856da3","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-07T13:42:15Z/"}],"url":"https://github.com/run-llama/llama_index/commit/702e4340623092fac4cf2fe95eb9465034856da3"},{"reference_url":"https://huntr.com/bounties/9b55a5e8-74e6-4241-b323-e360dc8b110a","reference_id":"9b55a5e8-74e6-4241-b323-e360dc8b110a","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-07T13:42:15Z/"}],"url":"https://huntr.com/bounties/9b55a5e8-74e6-4241-b323-e360dc8b110a"},{"reference_url":"https://github.com/advisories/GHSA-m84c-4c34-28gf","reference_id":"GHSA-m84c-4c34-28gf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m84c-4c34-28gf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38483?format=json","purl":"pkg:pypi/llama-index-core@0.12.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mbxp-d7t1-3uaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.12.41"}],"aliases":["CVE-2025-3108","GHSA-m84c-4c34-28gf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ep9q-atzq-tffx"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.12.41"}