PYSEC-2026-1566

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/llama-index-readers-docugami/PYSEC-2026-1566.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1566
Aliases
Published
2026-07-07T16:02:57.492463Z
Modified
2026-07-13T16:43:15.567324329Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Summary
LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class
Details

A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to but excluding version 0.12.41, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.

References

Affected packages

PyPI / llama-index-readers-docugami

Package

Name
llama-index-readers-docugami
View open source insights on deps.dev
Purl
pkg:pypi/llama-index-readers-docugami

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.3.1

Affected versions

0.*
0.0.1
0.0.2
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.2.0
0.3.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/llama-index-readers-docugami/PYSEC-2026-1566.yaml"