repository icon
run-llama / llama_index Project repository

LlamaIndex is a data framework for your LLM applications

Submit a report

FIRST INTERACTION

WITHIN19 DAYS

REVIEW

WITHIN19 DAYS

FIX

WITHIN93 DAYS

Sandbox Bypass in "safe_exec/safe_eval" Leads to Remote Code Execution
nakosec
duplicate
Critical
PandasQueryEngine Sandbox Escape via pd.io.common.os Module Attribute Traversal
wernerina
duplicate
Critical
Server-Side Request Forgery (SSRF) via Unvalidated URL in SimpleWebPageReader
invisiblemonsters
duplicate
High
Insecure Deserialization in SimpleObjectNodeMapping.from_persist_dir()
loris4py
duplicate
Critical
SQL Injection in Alibaba Cloud MySQL Vector Store via Unsanitized Metadata Filte...
mehmedbesim
duplicate
Critical
Server-Side Request Forgery (SSRF) in Multiple Web Reader Components
galanzi2580-wq
duplicate
High
Arbitrary Code Execution via Unsafe Pickle Deserialization in SimpleObjectNodeMa...
l1iith
duplicate
High
Sandbox Bypass → Remote Code Execution in `safe_eval`/`safe_exec` via `pd.io.com...
l1iith
duplicate
Critical
Sandbox Bypass
jeremylaratro
duplicate
Critical
SQL Injection in Additional Vector Stores Not Resolved by CVE-2025-1793
responsiblereport10
duplicate
Critical
SQL Injection in DB2 Vector Store via `delete()`, `query()`, and `_append_meta_f...
maniketabchi
duplicate
Critical
Remote Code Execution via Documentation-Recommended PickleSerializer in Workflow...
edferr
duplicate
Critical
PandasQueryEngine safe_exec sandbox bypass via whitelisted imports (pandas/numpy...
theagentknownasren-gif
duplicate
Critical
PandasQueryEngine safe_exec sandbox bypass via whitelisted imports (pandas/numpy...
theagentknownasren-gif
duplicate
Critical
Systemic SQL Injection in 10+ Vector Store Integrations via Unsanitized Metadata...
jhacksman
duplicate
High
LlamaIndex TextToCypherRetriever Prompt Injection leads to Cypher Injection and...
mia-718ai
duplicate
Critical
Server-Side Request Forgery (SSRF) in llama_index Download Module Allows Access...
mia-718ai
duplicate
Critical
Server Side Request Forgery in ImageNode.resolve_image() method
yashvardhantrip
duplicate
High
RCE via Pickle Deserialization in SimpleObjectNodeMapping.from_persist_dir()
yashvardhantrip
duplicate
High
Unsafe Pickle Deserialization in SimpleObjectNodeMapping Enables Remote Code Exe...
sanu1999
duplicate
High
Path Traversal via Symbolic Links in SimpleDirectoryReader Allows Arbitrary File...
sanu1999
duplicate
Medium
Remote Code Execution in SimpleObjectNodeMapping via Unsafe Pickle Deserializati...
mr-neutr0n
duplicate
Critical
Arbitrary File Write via Sandbox Bypass in PandasQueryEngine (Prompt Injection)
unicuervo16
informative
Critical
XML External Entity (XXE) Injection in DocugamiReader via Unsafe XML Parsing
bademeischta
informative
Critical
Uncontrolled Recursion in `JSONNodeParser` Leads to Stack Overflow DoS in run-ll...
nova-aryan
duplicate
High
Blind SQL Injection in NLSQLTableQueryEngine via Prompt Injection allows Databas...
bademeischta
informative
Critical
Arbitrary Argument Injection in download_integration leading to potential RCE
espanda666
informative
High
Remote Code Execution (RCE) via Indirect Prompt Injection in EvaporateExtractor
espanda666
duplicate
Critical
Remote code execution vulnerability in that bypasses code checks
ka7arotto
duplicate
Critical
Unsafe Sandbox Bypass in llama_index's safe_exec and safe_eval Functions Allows...
to-be-w1th0ut
duplicate
Critical
LlamaIndex Remote Code Execution via safe_exec + Malicious Pickle
to-be-w1th0ut
duplicate
Critical
Authorization Boundary Bypass in NLSQLTableQueryEngine allowing Unauthorized Acc...
aldorizona10-glitch
not applicable
Denial of Service via Malformed GGUF Model Causing Memory Allocation Failure in...
aldorizona10-glitch
spam
Unbounded Image Metadata Forwarded to Pillow Causes Remote Denial-of-Service via...
hyperps
informative
High
SQL Injection via MetadataFilter.key in PGVectorStore (_build_filter_clause)
vitalysim
informative
Critical
Arbitrary File Read in llama_index via ImageDocument Setter (Bypass of CVE-2025-...
nigh7c0r3
duplicate
High
HWP Reader Decompression Bomb (Memory Exhaustion DoS)
bilisheep
informative
High
Critical RCE in LlamaIndex FAISS Vector Store via Unsafe Deserialization
skypher
duplicate
Critical
Arbitrary Code Execution (RCE) via Unsafe Pickle Deserialization in SimpleObject...
pygmalionsimon
duplicate
Critical
SQL Injection in ref_doc_id parameter
maticmindsecurityresearchteam
duplicate
Critical
LlamaIndex Repository Deserialization Vulnerabilities
7908837174
duplicate
Critical
vector Database Poisoning via Unvalidated Embeddings
daridor9
not applicable
Remote Code Execution (RCE) via Unsafe Argument Introspection in LlamaIndex Inst...
hyperps1
informative
Critical
SQL Injection in NebulaGraph Store Allowing Complete Database Compromise
shawkatabdelhaq
self closed
Critical XXE and XML Injection Vulnerabilities in llama-index Agent Utils
shawkatabdelhaq
spam
Remote Code Execution via Unsafe Pickle Deserialization
mufeedvh
not applicable
Remote Code Execution via NumPy ctypes in PolarsInstructionParser.parse
mufeedvh
not applicable
Remote Code Execution via Unsafe Pickle Deserialization in SimpleObjectNodeMappi...
itsbalvant
not applicable
Remote Code Execution via Unsafe Pickle Deserialization in BGEM3Index (multi_emb...
itsbalvant
not applicable
Remote Code Execution via Unsafe Pickle Deserialization in 'TxtaiVectorStore'
itsbalvant
not applicable
Arbitrary Code Execution via eval() in FaissMapVectorStore id_map Loader
itsbalvant
not applicable
Insecure File Persistence in SimpleVectorStore Exposes Sensitive Data
0xmrniko
not applicable
SQL Injection in ClickHouse Vector Store Metadata Filtering
mysterious75
informative
Critical
Server-Side Request Forgery (SSRF) in LlamaIndex SimpleWebPageReader allows acce...
gauss-security
duplicate
Critical
Critical Template Injection in GitHub Actions Workflows
anasboulbali
not applicable
Path Traversal via SimpleDirectoryReader
choocs
not applicable
SQL Injection in Vector Search via Bigquery
faizann24
informative
Critical
JSON Injection Vulnerability in LlamaIndex Question Generation Module Leading to...
damcrazy
spam
Race Condition in FunctionCallingAgentWorker
madan301
informative
High
Arbitary File Read Through Path Traversal
choocs
duplicate
High
DoS through image-URL-validation
patrik-ha
informative
High
No Check for Duplicate Entries
madan301
not applicable
No State Rollback on Partial Failure
madan301
not applicable
Command Injection Vulnerability in llama-index-tools-mcp
bayuncao-bit
informative
Critical
Silent Duplicate Dispatcher Registration Vulnerability
madan301
not applicable
Context Reset Workaround Vulnerability in Async Span Management
madan301
not applicable
Shared State Vulnerability in llama_index_instrumentation Dispatcher Due to Muta...
madan301
informative
High
Deepseek API Key Leaked on Repository
aydinnyunus
informative
Medium
SSRF VULNERABILITY REPORT - LLAMA-INDEX
jplopezy
duplicate
High
Backoff Retry Functions in run-llama/llama_index Allow Resource Exhaustion via I...
madan301
informative
Medium
World-Writable NLTK Cache Directory Enables Local Users to Tamper with or Delete...
madan301
High
$750CVE-2025-7707
OS Command Injection in llama-index-cli RAG Tool
colemurray
informative
High
Insecure Temporary File Handling Vulnerability in llama-index-core
anwarayoob
High
$750CVE-2025-7647
Pickle Deserialization Remote Code Execution in llama-index-core
anwarayoob
informative
Critical
XML Entity Expansion vulnerability in XMLReader
anwarayoob
informative
Medium
Path Traversal in `ObsidianReader`
ouxs-19
informative
High
llama_index.readers.file.paged_csv has an arbitrary file read vulnerability
chy4412312
informative
High
Denial of Service via UnstructuredReader split document path
0xmanan
informative
Medium
access key leaks in [Alibaba Cloud]
rashidkhanpathan
informative
Medium
SQL Injection in Multiple Vector Stores via Unsanitized Input in delete Method D...
kunstnicht
informative
Critical
CQL Injection in LlamaIndex Cassandra Integration
mohit121312
informative
Critical
XML Entity Expansion vulnerability in XMLReader
makerdd
duplicate
High
SQL Injection in RelytVectorStore#init_index() can lead to RCE
liankee
informative
Critical
llama-index-readers-file has a billion-laugh vulnerability
chy4412312
duplicate
High
File URI Access in LlamaIndex `StripeDocsReader`
ready-research
informative
High
Path Traversal via Symbolic Links in `MarkItDownReader` in run-llama/llama_index
ready-research
informative
High
XML Entity Expansion vulnerability in XMLReader load_data
meme-dm
duplicate
High
SQL Injection in OceanBaseVectorStore via delete()
cyjhhh
informative
Critical
SSRF via AsyncWebPageReader with Unvalidated Sitemap Input
sandeepl337
informative
High
XML Entity Expansion vulnerability in XMLReader parser in run-llama/llama_index
ready-research
duplicate
Critical
Arbitrary File Read via Crated Node in JaguarVectorStore add
pricx
informative
Critical
Arbitrary Code Execution via Malicious Module Resolution in LlamaIndex Workflow...
0xmrniko
informative
Critical
SQL Cypher Injection in graphstore and potential RCE via prompt injection
pricx
informative
Critical
File Bomb / CPU Exhaust
pricx
informative
High
SSRF in llama_index.core.schema.ImageDocument
lonelyuan
not applicable
Cypher Injection via llama_index.tools.neo4j
zpbrent
informative
High
SQL Injection via load_data(query: str) in llama_index.tools.database
zpbrent
informative
Critical
Browser-based SSRF via llama-index-tools-playwright
zpbrent
informative
Critical
Vulnerability Report: Arbitrary Code Execution
mohit121312
informative
Critical
Cypher Injection in FalkorDBPropertyGraphStore via get_triplets can lead to LFI,...
polaris-snowfall
informative
High
Denial of Service(DOS) in SimpleFileNodeParser(llama_index_core)
winters0x64
informative
High
Denial of Service(DOS) in XMLReader
winters0x64
informative
High
Denial of Service(DOS) in SitemapReader while parsing nested html elements
winters0x64
informative
High
Uncontrolled recursion which leads to Denial Of Service
winters0x64
duplicate
High
llama-index-readers-pandas-ai can trigger RCE through conversation
bacmiao
not applicable
Denial of Service(DOS) in JSONReader
winters0x64
High
$750CVE-2025-5302
Denial of Service(DOS) in KnowledgeBaseWebReader in run-llama/llama_index
ready-research
informative
High
Bypass lastest patched: Extract all data from OracleDB via SQL injection
m4dn355
informative
High
SQL Injection in SingleStoreReader
hatlesswizard
informative
Critical
Prompt Injection trought Metadata leads to Arbitrary file read
hatlesswizard
informative
High
Arbitrary Code Execution via Unsafe pickle.load() in SimpleObjectNodeMapping.fro...
michaelpierre
duplicate
High
Arbitrary Code Execution via Unsafe Pickle Deserialization in `TxtaiVectorStore`
0xmanan
informative
High
Unsafe Deserialization in `SimpleObjectNodeMapping` Enables Arbitrary Code Execu...
0xmrniko
informative
Critical
Missing Query Validation in Hive – Enables Data Deletion, Insertion, RCE and Mor...
freedom-of-the-mind
informative
Critical
Code injection in safe_exec
ehtec
informative
Critical
Hash Collision in `SimpleObjectNodeMapping` via Python `hash()` Causing Silent D...
0xmrniko
not applicable
MD5 Hash Collision in DocugamiReader Overwrites Structurally Distinct Chunks wit...
freedom-of-the-mind
Medium
$125CVE-2025-6211
Denial of Service via `Uncontrolled Recursive` JSON Parsing in `JSONReader`
0xmrniko
Medium
$125CVE-2025-5472
Hardlink-Based Path Traversal in ObsidianReader
0xmanan
Medium
$125CVE-2025-6210
Arbitary file read through path traversal
0xmanan
High
$750CVE-2025-6209
Unsafe `Deserialization` in `JsonPickleSerializer` Enables Remote Code Execution
0xmrniko
Medium
$125CVE-2025-3108
Code Execution via Untrusted Query Transform
cyfra07
not applicable
LlamaIndex Core - RCE via CustomQueryEngine subclass abuse
cyfra07
not applicable
SSRF via `unvalidated webhook_url`
0xmanan
not applicable
Path Traversal via Symbolic Links in `ObsidianReader`
0xmrniko
High
$750CVE-2025-3046
Uncontrolled Memory Consumption in `SimpleDirectoryReader` Due to Post-Limit Fil...
0xmrniko
Medium
$125CVE-2025-6208
SQL Injection Vulnerability in Jaguar Database Leading to Complete Data Deletion
khanhd192
duplicate
High
MD5 Hash Collision Causes Overwriting of Papers with the Same Title, Leading to...
freedom-of-the-mind
Medium
$125CVE-2025-3044
SSRF via Simple Web scraper in llama_index.readers.web
khanhd192
not applicable
SQL injection in OracleDB via drop_table_purge function can extract all data fro...
m4dn355
duplicate
High