OSV - Open Source Vulnerabilities

GHSA-488g-hw5f-x29p

PyPI/llama-index-core

llama-index-core vulnerable to Uncontrolled Resource Consumption

02 Feb

Fix available
Severity - 5.3 (Medium)

GHSA-rg9h-vx28-xxp5

PyPI/llama-index

llama-index has Insecure Temporary File

13 Oct 2025

Fix available
Severity - 7.1 (High)

GHSA-cr7q-2w66-hjcm

PyPI/llama-index-core

llama-index-core insecurely handles temporary files

27 Sep 2025

Fix available
Severity - 7.3 (High)

GHSA-7753-xrfw-ch36

PyPI/llama-index-core

LlamaIndex affected by a Denial of Service (DOS) in JSONReader

26 Aug 2025

Fix available
Severity - 8.6 (High)

GHSA-5hq9-5r78-2gjh

PyPI/llama-index
PyPI/llama-index-readers-docugami

LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class

10 Jul 2025

Fix available
Severity - 6.5 (Medium)

GHSA-2rhq-96q8-4vjq

PyPI/llama-index-core

LlamaIndex vulnerable to Path Traversal attack through its encode_image function

07 Jul 2025

Fix available
Severity - 7.5 (High)

PYSEC-2025-65

PyPI/llama-index
github.com/run-llama/llama_index

See record for full details

07 Jul 2025

Fix available

GHSA-3j8r-jf9w-5cmh

PyPI/llama-index-readers-obsidian

LlamaIndex vulnerability in its ObsidianReader class can lead to Path Traversal exploit

07 Jul 2025

Fix available
Severity - 6.2 (Medium)

GHSA-3wxx-q3gv-pvvv

PyPI/llama-index-core

LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing

07 Jul 2025

Fix available
Severity - 6.5 (Medium)

GHSA-fmrf-6jv9-qjc7

PyPI/llama-index-readers-obsidian

LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class

07 Jul 2025

Fix available
Severity - 7.5 (High)

GHSA-p7j4-jwjf-5x9w

PyPI/llama-index-readers-papers

LlamaIndex vulnerability in ArxivReader class can cause MD5 hash collisions

07 Jul 2025

Fix available
Severity - 5.3 (Medium)

GHSA-w42r-mrx7-c633

PyPI/llama-index-readers-papers

LlamaIndex has an XML Entity Expansion vulnerability in its sitemap parser

07 Jul 2025

Fix available
Severity - 7.5 (High)

GHSA-m84c-4c34-28gf

PyPI/llama-index-core

LlamaIndex has Incomplete Documentation of Program Execution related to JsonPickleSerializer component

07 Jul 2025

Fix available
Severity - 5.0 (Medium)

GHSA-v3c8-3pr6-gr7p

PyPI/llama-index

llama_index vulnerable to SQL Injection

05 Jun 2025

Fix available
Severity - 9.8 (Critical)

GHSA-g99h-56mw-8263

PyPI/llama-index-cli

LLama-Index CLI OS command injection vulnerability

28 May 2025

Fix available
Severity - 7.8 (High)

GHSA-7c85-87cp-mr6g

PyPI/llama-index

LlamaIndex Vulnerable to Denial of Service (DoS)

10 May 2025

Fix available
Severity - 7.5 (High)

Load more...(1 page left)