CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

10 Jul 2025 — A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolv... • https://github.com/run-llama/llama_index/commit/29b2e07e64ed7d302b1cc058185560b28eaa1352 • CWE-440: Expected Behavior Violation

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Jul 2025 — A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the server, including sensitive system files. The issue arises due to improper validation or sanitization of the file path, enabling path traversal sequences to access files outside the intended directory. The vulnerability is fixed in versio... • https://github.com/run-llama/llama_index/commit/cdeaab91a204d1c3527f177dac37390327aef274 • CWE-29: Path Traversal: '\..\filename'

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Jul 2025 — The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service (DoS) by submitting deeply nested JSON structures, leading to a RecursionError and crashing applications. The root cause is the unsafe recursive traversal design and lack of depth validation, which makes the JSONReader susceptible to stack overflow when processing deeply nested JSON. This impacts the availabi... • https://github.com/run-llama/llama_index/commit/c032843a02ce38fd8f284b2aa5a37fd1c17ae635 • CWE-674: Uncontrolled Recursion

CVSS: 6.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Jul 2025 — A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. The vulnerability arises from inadequate handling of hardlinks in the load_data() method, where the security checks fail to differentiate between real files and hardlinks. This issue is resolved in version 0.5.2. • https://github.com/run-llama/llama_index/commit/a86c96ae0e662492eeb471b658ae849a93f628ff • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Jul 2025 — A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information. • https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Jul 2025 — A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from being processed for AI model training. The issue is resolved in version 0.12.28. • https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e • CWE-440: Expected Behavior Violation

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Jul 2025 — An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS) by exhausting system memory and potentially causing a system crash. The issue is resolved in version v0.12.29. • https://github.com/run-llama/llama_index/commit/4f6ee062b19212106a2632af9c9521fc7f0a3584 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSS: 7.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

06 Jul 2025 — A critical deserialization vulnerability exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritizes deserialization using pickle.loads(), which can execute arbitrary code when processing untrusted data. Attackers can exploit this by crafting malicious payloads to achieve full system compromise. The root cause ... • https://github.com/run-llama/llama_index/commit/702e4340623092fac4cf2fe95eb9465034856da3 • CWE-1112: Incomplete Documentation of Program Execution

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

05 Jun 2025 — Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application. • https://github.com/Usama-Figueira/-CVE-2025-1793-poc • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

28 May 2025 — LLama-Index CLI version v0.12.20 contains an OS command injection vulnerability. The vulnerability arises from the improper handling of the `--files` argument, which is directly passed into `os.system`. An attacker who controls the content of this argument can inject and execute arbitrary shell commands. This vulnerability can be exploited locally if the attacker has control over the CLI arguments, and remotely if a web application calls the LLama-Index CLI with a user-controlled filename. This issue can le... • https://github.com/run-llama/llama_index/commit/b57e76738c53ca82d88658b82f2d82d1c7839c7d • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')