Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-488g-hw5f-x29p
  • PyPI/llama-index-core
llama-index-core vulnerable to Uncontrolled Resource Consumption 02 Feb
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-cr7q-2w66-hjcm
  • PyPI/llama-index-core
llama-index-core insecurely handles temporary files 27 Sep 2025
  • Fix available
  • Severity - 7.3 (High)
GHSA-7753-xrfw-ch36
  • PyPI/llama-index-core
LlamaIndex affected by a Denial of Service (DOS) in JSONReader 26 Aug 2025
  • Fix available
  • Severity - 8.6 (High)
GHSA-2rhq-96q8-4vjq
  • PyPI/llama-index-core
LlamaIndex vulnerable to Path Traversal attack through its encode_image function 07 Jul 2025
  • Fix available
  • Severity - 7.5 (High)
GHSA-3wxx-q3gv-pvvv
  • PyPI/llama-index-core
LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing 07 Jul 2025
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-m84c-4c34-28gf
  • PyPI/llama-index-core
LlamaIndex has Incomplete Documentation of Program Execution related to JsonPickleSerializer component 07 Jul 2025
  • Fix available
  • Severity - 5.0 (Medium)
GHSA-j3wr-m6xh-64hg
  • PyPI/llama-index-core
LlamaIndex Improper Handling of Exceptional Conditions vulnerability 20 Mar 2025
  • Fix available
  • Severity - 7.5 (High)
GHSA-fxc2-8m62-m85x
  • PyPI/llama-index-core
LlamaIndex includes an exec call for `import {cls_name}` 22 Aug 2024
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-r6gp-rff2-p3hf
  • PyPI/llama-index-core
llama-index-core Command Injection vulnerability 16 Apr 2024
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-wvpx-g427-q9wc
  • PyPI/llama-index-core
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution 10 Apr 2024
  • Fix available
  • Severity - 9.8 (Critical)