Bounties
Partners
Community
Info
run-llama / llama_index
Project repository
LlamaIndex is a data framework for your LLM applications
Submit a report
FIRST INTERACTION
WITHIN
22 DAYS
REVIEW
WITHIN
25 DAYS
FIX
WITHIN
87 DAYS
Remote Code Execution via Unsafe Pickle Deserialization in SimpleObjectNodeMappi...
Oct 17th 2025
itsbalvant
•
not applicable
Remote Code Execution via Unsafe Pickle Deserialization in BGEM3Index (multi_emb...
Oct 17th 2025
itsbalvant
•
not applicable
Remote Code Execution via Unsafe Pickle Deserialization in 'TxtaiVectorStore'
Oct 17th 2025
itsbalvant
•
not applicable
Arbitrary Code Execution via eval() in FaissMapVectorStore id_map Loader
Oct 17th 2025
itsbalvant
•
not applicable
Insecure File Persistence in SimpleVectorStore Exposes Sensitive Data
Oct 17th 2025
0xmrniko
•
not applicable
SQL Injection in ClickHouse Vector Store Metadata Filtering
Sep 25th 2025
mysterious75
•
informative
Critical
Server-Side Request Forgery (SSRF) in LlamaIndex SimpleWebPageReader allows acce...
Sep 14th 2025
gauss-security
•
duplicate
Critical
Critical Template Injection in GitHub Actions Workflows
Sep 25th 2025
anasboulbali
•
not applicable
Path Traversal via SimpleDirectoryReader
Sep 11th 2025
choocs
•
not applicable
SQL Injection in Vector Search via Bigquery
Aug 21st 2025
faizann24
•
informative
Critical
JSON Injection Vulnerability in LlamaIndex Question Generation Module Leading to...
Aug 5th 2025
damcrazy
•
spam
Race Condition in FunctionCallingAgentWorker
Sep 11th 2025
madan301
•
informative
High
Arbitary File Read Through Path Traversal
Jul 23rd 2025
choocs
•
duplicate
High
DoS through image-URL-validation
Sep 11th 2025
patrik-ha
•
informative
High
No Check for Duplicate Entries
Sep 11th 2025
madan301
•
not applicable
No State Rollback on Partial Failure
Sep 11th 2025
madan301
•
not applicable
Command Injection Vulnerability in llama-index-tools-mcp
Aug 21st 2025
bayuncao-bit
•
informative
Critical
Silent Duplicate Dispatcher Registration Vulnerability
Sep 11th 2025
madan301
•
not applicable
Context Reset Workaround Vulnerability in Async Span Management
Sep 11th 2025
madan301
•
not applicable
Shared State Vulnerability in llama_index_instrumentation Dispatcher Due to Muta...
Sep 11th 2025
madan301
•
informative
High
Deepseek API Key Leaked on Repository
Jul 18th 2025
aydinnyunus
•
informative
Medium
SSRF VULNERABILITY REPORT - LLAMA-INDEX
Jul 16th 2025
jplopezy
•
duplicate
High
Backoff Retry Functions in run-llama/llama_index Allow Resource Exhaustion via I...
Jul 16th 2025
madan301
•
informative
Medium
World-Writable NLTK Cache Directory Enables Local Users to Tamper with or Delete...
Oct 13th 2025
madan301
•
High
•
$750
High
•
$750
•
CVE-2025-7707
CVE-2025-7707
OS Command Injection in llama-index-cli RAG Tool
Jul 4th 2025
colemurray
•
informative
High
Insecure Temporary File Handling Vulnerability in llama-index-core
Sep 27th 2025
anwarayoob
•
High
•
$750
High
•
$750
•
CVE-2025-7647
CVE-2025-7647
Pickle Deserialization Remote Code Execution in llama-index-core
Jul 16th 2025
anwarayoob
•
informative
Critical
XML Entity Expansion vulnerability in XMLReader
Jul 16th 2025
anwarayoob
•
informative
Medium
Path Traversal in `ObsidianReader`
Jun 22nd 2025
ouxs-19
•
informative
High
llama_index.readers.file.paged_csv has an arbitrary file read vulnerability
Jun 22nd 2025
chy4412312
•
informative
High
Denial of Service via UnstructuredReader split document path
Jun 22nd 2025
0xmanan
•
informative
Medium
access key leaks in [Alibaba Cloud]
Jun 22nd 2025
rashidkhanpathan
•
informative
Medium
SQL Injection in Multiple Vector Stores via Unsanitized Input in delete Method D...
Jun 22nd 2025
kunstnicht
•
informative
Critical
CQL Injection in LlamaIndex Cassandra Integration
Jun 22nd 2025
mohit121312
•
informative
Critical
XML Entity Expansion vulnerability in XMLReader
Jun 22nd 2025
makerdd
•
duplicate
High
SQL Injection in RelytVectorStore#init_index() can lead to RCE
Jun 22nd 2025
liankee
•
informative
Critical
llama-index-readers-file has a billion-laugh vulnerability
Jun 22nd 2025
chy4412312
•
duplicate
High
File URI Access in LlamaIndex `StripeDocsReader`
Jun 22nd 2025
ready-research
•
informative
High
Path Traversal via Symbolic Links in `MarkItDownReader` in run-llama/llama_index
Jun 22nd 2025
ready-research
•
informative
High
XML Entity Expansion vulnerability in XMLReader load_data
Jun 22nd 2025
meme-dm
•
duplicate
High
SQL Injection in OceanBaseVectorStore via delete()
Jun 22nd 2025
cyjhhh
•
informative
Critical
SSRF via AsyncWebPageReader with Unvalidated Sitemap Input
Jun 22nd 2025
sandeepl337
•
informative
High
XML Entity Expansion vulnerability in XMLReader parser in run-llama/llama_index
Jun 22nd 2025
ready-research
•
duplicate
Critical
Arbitrary File Read via Crated Node in JaguarVectorStore add
Jun 22nd 2025
pricx
•
informative
Critical
Arbitrary Code Execution via Malicious Module Resolution in LlamaIndex Workflow...
Jun 22nd 2025
0xmrniko
•
informative
Critical
SQL Cypher Injection in graphstore and potential RCE via prompt injection
Jun 22nd 2025
pricx
•
informative
Critical
File Bomb / CPU Exhaust
Jun 22nd 2025
pricx
•
informative
High
SSRF in llama_index.core.schema.ImageDocument
Jun 9th 2025
lonelyuan
•
not applicable
Cypher Injection via llama_index.tools.neo4j
Jun 22nd 2025
zpbrent
•
informative
High
SQL Injection via load_data(query: str) in llama_index.tools.database
Jun 22nd 2025
zpbrent
•
informative
Critical
Browser-based SSRF via llama-index-tools-playwright
Jun 22nd 2025
zpbrent
•
informative
Critical
Vulnerability Report: Arbitrary Code Execution
Jun 22nd 2025
mohit121312
•
informative
Critical
Cypher Injection in FalkorDBPropertyGraphStore via get_triplets can lead to LFI,...
Jun 22nd 2025
polaris-snowfall
•
informative
High
Denial of Service(DOS) in SimpleFileNodeParser(llama_index_core)
Jun 22nd 2025
winters0x64
•
informative
High
Denial of Service(DOS) in XMLReader
Jun 22nd 2025
winters0x64
•
informative
High
Denial of Service(DOS) in SitemapReader while parsing nested html elements
Jun 22nd 2025
winters0x64
•
informative
High
Uncontrolled recursion which leads to Denial Of Service
Aug 28th 2025
winters0x64
•
duplicate
High
llama-index-readers-pandas-ai can trigger RCE through conversation
Jun 5th 2025
bacmiao
•
not applicable
Denial of Service(DOS) in JSONReader
Aug 25th 2025
winters0x64
•
High
•
$750
High
•
$750
•
CVE-2025-5302
CVE-2025-5302
Denial of Service(DOS) in KnowledgeBaseWebReader in run-llama/llama_index
Jun 22nd 2025
ready-research
•
informative
High
Bypass lastest patched: Extract all data from OracleDB via SQL injection
Jun 22nd 2025
m4dn355
•
informative
High
SQL Injection in SingleStoreReader
Jun 22nd 2025
hatlesswizard
•
informative
Critical
Prompt Injection trought Metadata leads to Arbitrary file read
Jun 5th 2025
hatlesswizard
•
informative
High
Arbitrary Code Execution via Unsafe pickle.load() in SimpleObjectNodeMapping.fro...
Jun 22nd 2025
michaelpierre
•
duplicate
High
Arbitrary Code Execution via Unsafe Pickle Deserialization in `TxtaiVectorStore`
Jun 22nd 2025
0xmanan
•
informative
High
Unsafe Deserialization in `SimpleObjectNodeMapping` Enables Arbitrary Code Execu...
Jun 22nd 2025
0xmrniko
•
informative
Critical
Missing Query Validation in Hive – Enables Data Deletion, Insertion, RCE and Mor...
Jun 17th 2025
siriusbellatrix
•
informative
Critical
Code injection in safe_exec
Jun 5th 2025
ehtec
•
informative
Critical
Hash Collision in `SimpleObjectNodeMapping` via Python `hash()` Causing Silent D...
Jun 5th 2025
0xmrniko
•
not applicable
MD5 Hash Collision in DocugamiReader Overwrites Structurally Distinct Chunks wit...
Jul 10th 2025
siriusbellatrix
•
Medium
•
$125
Medium
•
$125
•
CVE-2025-6211
CVE-2025-6211
Denial of Service via `Uncontrolled Recursive` JSON Parsing in `JSONReader`
Jul 2nd 2025
0xmrniko
•
Medium
•
$125
Medium
•
$125
•
CVE-2025-5472
CVE-2025-5472
Hardlink-Based Path Traversal in ObsidianReader
Jun 30th 2025
0xmanan
•
Medium
•
$125
Medium
•
$125
•
CVE-2025-6210
CVE-2025-6210
Arbitary file read through path traversal
Jul 7th 2025
0xmanan
•
High
•
$750
High
•
$750
•
CVE-2025-6209
CVE-2025-6209
Unsafe `Deserialization` in `JsonPickleSerializer` Enables Remote Code Execution
Jul 6th 2025
0xmrniko
•
Medium
•
$125
Medium
•
$125
•
CVE-2025-3108
CVE-2025-3108
Code Execution via Untrusted Query Transform
Mar 28th 2025
cyfra07
•
not applicable
LlamaIndex Core - RCE via CustomQueryEngine subclass abuse
Mar 28th 2025
cyfra07
•
not applicable
SSRF via `unvalidated webhook_url`
Mar 31st 2025
0xmanan
•
not applicable
Path Traversal via Symbolic Links in `ObsidianReader`
Jun 10th 2025
0xmrniko
•
High
•
$750
High
•
$750
•
CVE-2025-3046
CVE-2025-3046
Uncontrolled Memory Consumption in `SimpleDirectoryReader` Due to Post-Limit Fil...
Jun 16th 2025
0xmrniko
•
Medium
•
$125
Medium
•
$125
•
CVE-2025-6208
CVE-2025-6208
SQL Injection Vulnerability in Jaguar Database Leading to Complete Data Deletion
Jun 6th 2025
khanhd192
•
duplicate
High
MD5 Hash Collision Causes Overwriting of Papers with the Same Title, Leading to...
Jun 5th 2025
siriusbellatrix
•
Medium
•
$125
Medium
•
$125
•
CVE-2025-3044
CVE-2025-3044
SSRF via Simple Web scraper in llama_index.readers.web
Mar 31st 2025
khanhd192
•
not applicable
SQL injection in OracleDB via drop_table_purge function can extract all data fro...
Jun 3rd 2025
m4dn355
•
duplicate
High
SQL Injection in ClickHouse via query index can get all data from database
Jun 2nd 2025
nxczje
•
duplicate
High
SQL Injection in ClickHouseVectorStore via delete can dump database
Jun 1st 2025
nxczje
•
duplicate
High
Filename enumeration and limited LFI
Jun 22nd 2025
ehtec
•
informative
Medium
XML Entity Expansion vulnerability in Sitemap parser
Jun 5th 2025
ehtec
•
High
•
$1500
High
•
$1500
•
CVE-2025-3225
CVE-2025-3225
SQL injection vulnerabilities in multiple vector stores
Jun 5th 2025
ehtec
•
Critical
•
$3000
Critical
•
$3000
•
CVE-2025-1793
CVE-2025-1793
Command injection in LLama-Index CLI
May 28th 2025
ehtec
•
High
•
$750
High
•
$750
•
CVE-2025-1753
CVE-2025-1753
SQL Injection in DuckDBVectorStore via delete can lead to RCE
Jun 2nd 2025
meme-dm
•
Critical
•
$1500
Critical
•
$1500
•
CVE-2025-1750
CVE-2025-1750
A DoS attack occurred in run-llama/llama_index due to inappropriate secure codin...
May 10th 2025
siriusbellatrix
•
High
•
$750
High
•
$750
•
CVE-2025-1752
CVE-2025-1752
Denial of Service(DOS) in LangChainLLM due to missing exception handler.
Mar 14th 2025
life-team2024
•
High
•
$750
High
•
$750
•
CVE-2024-12704
CVE-2024-12704
SQL Injection to RCE on FinanceChatLlamaPack
Mar 6th 2025
life-team2024
•
Critical
•
$1500
Critical
•
$1500
•
CVE-2024-12909
CVE-2024-12909
Denial of Service (DoS) via SQL Injection on VannaQueryEngine in run-llama/llama...
Dec 24th 2024
life-team2024
•
informative
High
A SQL Injection in DuckDB via prompt can lead to RCE
Feb 24th 2025
life-team2024
•
Critical
•
$1500
Critical
•
$1500
•
CVE-2024-11958
CVE-2024-11958
SQL Injection in default_jsonalyzer via prompt injection leads to arbitrary file...
Feb 10th 2025
life-team2024
•
High
•
$750
High
•
$750
•
CVE-2024-12911
CVE-2024-12911
Denial of Service(DOS) in KnowledgeBaseWebReader
Jan 26th 2025
life-team2024
•
Medium
•
$125
Medium
•
$125
•
CVE-2024-12910
CVE-2024-12910
pickle.load() in load_from_disk function of BGEM3Index class
Nov 14th 2024
life-team2024
•
informative
High
A method in Llama-index-core has a Deserialization of Untrusted Data vulnerabili...
Nov 14th 2024
life-team2024
•
informative
High
Download and install packs from untrusted URL leading to a code arbitrary execut...
Jul 3rd 2024
0gur1
•
informative
Critical
Code Injection in llama_index.core.download.integration in run-llama/llama_index
Jun 24th 2024
yuligesec
•
informative
Critical
safe_exec bypass lead to RCE
Apr 25th 2024
tianstcht
•
not applicable
Prompt injection lead to arbitrary file read
Apr 25th 2024
lyutoon
•
duplicate
Critical
Code Execution due to Prompt Injection
May 20th 2024
ouxs-19
•
Critical
•
$1500
Critical
•
$1500
Remote code execute by using safe_exec
Apr 28th 2024
trongphuc12
•
Critical
•
$1500
Critical
•
$1500
*
Feb 19th 2024
0xanis
•
self closed
safe_eval bypass lead to RCE (Command Injection)
Apr 16th 2024
danisjiang
•
Critical
•
$1500
Critical
•
$1500
•
CVE-2024-3271
CVE-2024-3271
Malicious file loaded to RCE in EmbeddedTablesUnstructuredRetrieverPack
Feb 28th 2024
supersuperbang
•
informative
High
Improper Certificate Validation in the Cogniswitch Query Engine
Apr 1st 2024
ehtec
•
informative
Medium
Command injection due to use of eval in RunGptLLM
May 1st 2024
ehtec
•
High
•
$750
High
•
$750
•
CVE-2024-4181
CVE-2024-4181
Prompt Injection leading to Arbitrary Code Execution
Apr 4th 2024
yh-0x7
•
Critical
•
$1500
Critical
•
$1500
•
CVE-2024-3098
CVE-2024-3098
Code injection at command_line/rag.py
Feb 15th 2024
rook1337
•
self closed
CRITICAL
$1500
HIGH
$750
MEDIUM
$125
LOW
$20
