{"url":"http://public2.vulnerablecode.io/api/packages/708113?format=json","purl":"pkg:pypi/llama-index-core@0.9.45","type":"pypi","namespace":"","name":"llama-index-core","version":"0.9.45","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.13.0","latest_non_vulnerable_version":"0.13.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110903?format=json","vulnerability_id":"VCID-9gy4-wsap-kqde","summary":"The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit (`num_files_limit`) is applied after all files in a directory are loaded into memory. This can lead to memory exhaustion and degraded performance, particularly in environments with limited resources. The issue is resolved in version 0.12.41.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6208.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6208.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6208","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06969","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06939","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6208"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2435932","reference_id":"2435932","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2435932"},{"reference_url":"https://github.com/run-llama/llama_index/commit/53614e2f7913c0e86b58add9470b3c900b6c60b2","reference_id":"53614e2f7913c0e86b58add9470b3c900b6c60b2","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:46:45Z/"}],"url":"https://github.com/run-llama/llama_index/commit/53614e2f7913c0e86b58add9470b3c900b6c60b2"},{"reference_url":"https://huntr.com/bounties/7d722bb6-6567-4608-8b23-f95048d7605a","reference_id":"7d722bb6-6567-4608-8b23-f95048d7605a","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:46:45Z/"}],"url":"https://huntr.com/bounties/7d722bb6-6567-4608-8b23-f95048d7605a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6208","reference_id":"CVE-2025-6208","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6208"},{"reference_url":"https://github.com/advisories/GHSA-488g-hw5f-x29p","reference_id":"GHSA-488g-hw5f-x29p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-488g-hw5f-x29p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38483?format=json","purl":"pkg:pypi/llama-index-core@0.12.41","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mbxp-d7t1-3uaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.12.41"}],"aliases":["CVE-2025-6208","GHSA-488g-hw5f-x29p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gy4-wsap-kqde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98694?format=json","vulnerability_id":"VCID-cnth-gsay-gbcw","summary":"A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth limit. This results in high resource consumption and potential crashes of the Python process. The issue is resolved in version 0.12.38.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5302.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5302.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5302","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1767","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17509","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5302"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5302","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5302"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2390808","reference_id":"2390808","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2390808"},{"reference_url":"https://huntr.com/bounties/70041b81-de9e-4046-8c0e-6ccd557048a6","reference_id":"70041b81-de9e-4046-8c0e-6ccd557048a6","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-25T15:40:17Z/"}],"url":"https://huntr.com/bounties/70041b81-de9e-4046-8c0e-6ccd557048a6"},{"reference_url":"https://github.com/run-llama/llama_index/commit/c032843a02ce38fd8f284b2aa5a37fd1c17ae635","reference_id":"c032843a02ce38fd8f284b2aa5a37fd1c17ae635","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-25T15:40:17Z/"}],"url":"https://github.com/run-llama/llama_index/commit/c032843a02ce38fd8f284b2aa5a37fd1c17ae635"},{"reference_url":"https://github.com/advisories/GHSA-7753-xrfw-ch36","reference_id":"GHSA-7753-xrfw-ch36","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7753-xrfw-ch36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16514","reference_id":"RHSA-2025:16514","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16514"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377758?format=json","purl":"pkg:pypi/llama-index-core@0.12.38","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9gy4-wsap-kqde"},{"vulnerability":"VCID-9nry-wte8-3fbf"},{"vulnerability":"VCID-ep9q-atzq-tffx"},{"vulnerability":"VCID-mbxp-d7t1-3uaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.12.38"}],"aliases":["CVE-2025-5302","GHSA-7753-xrfw-ch36"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cnth-gsay-gbcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64207?format=json","vulnerability_id":"VCID-jg6s-2mm7-aud1","summary":"A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by crafting input that does not contain an underscore but still results in the execution of OS commands. The vulnerability allows for remote code execution (RCE) on the server hosting the application.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3271","reference_id":"","reference_type":"","scores":[{"value":"0.01239","scoring_system":"epss","scoring_elements":"0.79714","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01239","scoring_system":"epss","scoring_elements":"0.79649","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3271"},{"reference_url":"https://github.com/run-llama/llama_index/commit/2c92e88838a5f481d50840240b1dd3180066c6f5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/run-llama/llama_index/commit/2c92e88838a5f481d50840240b1dd3180066c6f5"},{"reference_url":"https://github.com/run-llama/llama_index/commit/5fbcb5a8b9f20f81b791c7fc8849e352613ab475","reference_id":"5fbcb5a8b9f20f81b791c7fc8849e352613ab475","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T19:12:23Z/"}],"url":"https://github.com/run-llama/llama_index/commit/5fbcb5a8b9f20f81b791c7fc8849e352613ab475"},{"reference_url":"https://huntr.com/bounties/9b32490e-7cf9-470e-8d49-ba083ae7a279","reference_id":"9b32490e-7cf9-470e-8d49-ba083ae7a279","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T19:12:23Z/"}],"url":"https://huntr.com/bounties/9b32490e-7cf9-470e-8d49-ba083ae7a279"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3271","reference_id":"CVE-2024-3271","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3271"},{"reference_url":"https://github.com/advisories/GHSA-r6gp-rff2-p3hf","reference_id":"GHSA-r6gp-rff2-p3hf","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6gp-rff2-p3hf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30312?format=json","purl":"pkg:pypi/llama-index-core@0.10.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9gy4-wsap-kqde"},{"vulnerability":"VCID-cnth-gsay-gbcw"},{"vulnerability":"VCID-kef8-9x8x-7qbf"},{"vulnerability":"VCID-m26d-a2k7-6uck"},{"vulnerability":"VCID-mbxp-d7t1-3uaa"},{"vulnerability":"VCID-z131-hxnn-nyax"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.10.24"}],"aliases":["CVE-2024-3271","GHSA-r6gp-rff2-p3hf"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jg6s-2mm7-aud1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37022?format=json","vulnerability_id":"VCID-kef8-9x8x-7qbf","summary":"A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the StreamingGeneratorCallbackHandler class. If the thread terminates abnormally before the _llm.predict is executed, there is no exception handling for this case, leading to an infinite loop in the get_response_gen function. This can be triggered by providing an input of an incorrect type, causing the thread to terminate and the process to continue running indefinitely.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12704.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12704.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12704","reference_id":"","reference_type":"","scores":[{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.58042","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.5793","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12704"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-12704","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-12704"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353770","reference_id":"2353770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353770"},{"reference_url":"https://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a","reference_id":"a0b638fd-21c6-4ba7-b381-6ab98472a02a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:16Z/"}],"url":"https://huntr.com/bounties/a0b638fd-21c6-4ba7-b381-6ab98472a02a"},{"reference_url":"https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05","reference_id":"d1ecfb77578d089cbe66728f18f635c09aa32a05","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:16Z/"}],"url":"https://github.com/run-llama/llama_index/commit/d1ecfb77578d089cbe66728f18f635c09aa32a05"},{"reference_url":"https://github.com/advisories/GHSA-j3wr-m6xh-64hg","reference_id":"GHSA-j3wr-m6xh-64hg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j3wr-m6xh-64hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377936?format=json","purl":"pkg:pypi/llama-index-core@0.12.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9gy4-wsap-kqde"},{"vulnerability":"VCID-cnth-gsay-gbcw"},{"vulnerability":"VCID-ep9q-atzq-tffx"},{"vulnerability":"VCID-m26d-a2k7-6uck"},{"vulnerability":"VCID-mbxp-d7t1-3uaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.12.6"}],"aliases":["CVE-2024-12704","GHSA-j3wr-m6xh-64hg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kef8-9x8x-7qbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99175?format=json","vulnerability_id":"VCID-m26d-a2k7-6uck","summary":"The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service (DoS) by submitting deeply nested JSON structures, leading to a RecursionError and crashing applications. The root cause is the unsafe recursive traversal design and lack of depth validation, which makes the JSONReader susceptible to stack overflow when processing deeply nested JSON. This impacts the availability of services, making them unreliable and disrupting workflows. The issue is resolved in version 0.12.38.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5472.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5472.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5472","reference_id":"","reference_type":"","scores":[{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37068","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.3689","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5472"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5472","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5472"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376769","reference_id":"2376769","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2376769"},{"reference_url":"https://github.com/run-llama/llama_index/commit/c032843a02ce38fd8f284b2aa5a37fd1c17ae635","reference_id":"c032843a02ce38fd8f284b2aa5a37fd1c17ae635","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-07T11:17:19Z/"}],"url":"https://github.com/run-llama/llama_index/commit/c032843a02ce38fd8f284b2aa5a37fd1c17ae635"},{"reference_url":"https://huntr.com/bounties/df187bda-7911-4823-a19a-e15b2c66b0d4","reference_id":"df187bda-7911-4823-a19a-e15b2c66b0d4","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-07T11:17:19Z/"}],"url":"https://huntr.com/bounties/df187bda-7911-4823-a19a-e15b2c66b0d4"},{"reference_url":"https://github.com/advisories/GHSA-3wxx-q3gv-pvvv","reference_id":"GHSA-3wxx-q3gv-pvvv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3wxx-q3gv-pvvv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377758?format=json","purl":"pkg:pypi/llama-index-core@0.12.38","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9gy4-wsap-kqde"},{"vulnerability":"VCID-9nry-wte8-3fbf"},{"vulnerability":"VCID-ep9q-atzq-tffx"},{"vulnerability":"VCID-mbxp-d7t1-3uaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.12.38"}],"aliases":["CVE-2025-5472","GHSA-3wxx-q3gv-pvvv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m26d-a2k7-6uck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106735?format=json","vulnerability_id":"VCID-mbxp-d7t1-3uaa","summary":"The llama-index-core package, up to version 0.12.44, contains a vulnerability in the `get_cache_dir()` function where a predictable, hardcoded directory path `/tmp/llama_index` is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal proprietary models, poison cached embeddings, or conduct symlink attacks. The issue affects all Linux deployments where multiple users share the same system. The vulnerability is classified under CWE-379, CWE-377, and CWE-367, indicating insecure temporary file creation and potential race conditions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7647.json","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7647.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7647","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06065","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06086","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7647"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2399917","reference_id":"2399917","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2399917"},{"reference_url":"https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4","reference_id":"98816394d57c7f53f847ed7b60725e69d0e7aae4","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-29T19:26:13Z/"}],"url":"https://github.com/run-llama/llama_index/commit/98816394d57c7f53f847ed7b60725e69d0e7aae4"},{"reference_url":"https://huntr.com/bounties/a2baa08f-98bf-47a8-ac83-06f7411afd9e","reference_id":"a2baa08f-98bf-47a8-ac83-06f7411afd9e","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-29T19:26:13Z/"}],"url":"https://huntr.com/bounties/a2baa08f-98bf-47a8-ac83-06f7411afd9e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7647","reference_id":"CVE-2025-7647","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7647"},{"reference_url":"https://github.com/advisories/GHSA-cr7q-2w66-hjcm","reference_id":"GHSA-cr7q-2w66-hjcm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cr7q-2w66-hjcm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18984","reference_id":"RHSA-2025:18984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18984"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33984?format=json","purl":"pkg:pypi/llama-index-core@0.13.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.13.0"}],"aliases":["CVE-2025-7647","GHSA-cr7q-2w66-hjcm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbxp-d7t1-3uaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64620?format=json","vulnerability_id":"VCID-pnre-tvr7-gbgm","summary":"A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method restrictions and execute unauthorized code. The vulnerability is a bypass of the previously addressed CVE-2023-39662, demonstrated through a proof of concept that creates a file on the system by exploiting the flaw.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3098","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3481","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3499","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3098"},{"reference_url":"https://github.com/run-llama/llama_index/commit/2c92e88838a5f481d50840240b1dd3180066c6f5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/run-llama/llama_index/commit/2c92e88838a5f481d50840240b1dd3180066c6f5"},{"reference_url":"https://huntr.com/bounties/1bce0d61-ad03-4b22-bc32-8f99f92974e7","reference_id":"1bce0d61-ad03-4b22-bc32-8f99f92974e7","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-07-25T19:07:30Z/"}],"url":"https://huntr.com/bounties/1bce0d61-ad03-4b22-bc32-8f99f92974e7"},{"reference_url":"https://github.com/run-llama/llama_index/commit/5fbcb5a8b9f20f81b791c7fc8849e352613ab475","reference_id":"5fbcb5a8b9f20f81b791c7fc8849e352613ab475","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-07-25T19:07:30Z/"}],"url":"https://github.com/run-llama/llama_index/commit/5fbcb5a8b9f20f81b791c7fc8849e352613ab475"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3098","reference_id":"CVE-2024-3098","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3098"},{"reference_url":"https://github.com/advisories/GHSA-wvpx-g427-q9wc","reference_id":"GHSA-wvpx-g427-q9wc","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wvpx-g427-q9wc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30312?format=json","purl":"pkg:pypi/llama-index-core@0.10.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9gy4-wsap-kqde"},{"vulnerability":"VCID-cnth-gsay-gbcw"},{"vulnerability":"VCID-kef8-9x8x-7qbf"},{"vulnerability":"VCID-m26d-a2k7-6uck"},{"vulnerability":"VCID-mbxp-d7t1-3uaa"},{"vulnerability":"VCID-z131-hxnn-nyax"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.10.24"}],"aliases":["CVE-2024-3098","GHSA-wvpx-g427-q9wc"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnre-tvr7-gbgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40244?format=json","vulnerability_id":"VCID-z131-hxnn-nyax","summary":"An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45201.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45201.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45201","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43961","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43806","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45201"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2024-192.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2024-192.yaml"},{"reference_url":"https://github.com/run-llama/llama_index/commit/bd827c30484fa085ec769fa55dc7f2add8006ac8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/run-llama/llama_index/commit/bd827c30484fa085ec769fa55dc7f2add8006ac8"},{"reference_url":"https://github.com/run-llama/llama_index/pull/13523","reference_id":"13523","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-25T18:18:17Z/"}],"url":"https://github.com/run-llama/llama_index/pull/13523"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2307415","reference_id":"2307415","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2307415"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45201","reference_id":"CVE-2024-45201","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45201"},{"reference_url":"https://github.com/advisories/GHSA-fxc2-8m62-m85x","reference_id":"GHSA-fxc2-8m62-m85x","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fxc2-8m62-m85x"},{"reference_url":"https://github.com/run-llama/llama_index/compare/v0.10.37...v0.10.38","reference_id":"v0.10.37...v0.10.38","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-25T18:18:17Z/"}],"url":"https://github.com/run-llama/llama_index/compare/v0.10.37...v0.10.38"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33075?format=json","purl":"pkg:pypi/llama-index-core@0.10.38","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9gy4-wsap-kqde"},{"vulnerability":"VCID-cnth-gsay-gbcw"},{"vulnerability":"VCID-kef8-9x8x-7qbf"},{"vulnerability":"VCID-m26d-a2k7-6uck"},{"vulnerability":"VCID-mbxp-d7t1-3uaa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.10.38"}],"aliases":["CVE-2024-45201","GHSA-fxc2-8m62-m85x","PYSEC-2024-192"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z131-hxnn-nyax"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index-core@0.9.45"}