📦 Llamaindex
by Llamaindex
🛡️ Security Overview
⚠️ Known Vulnerabilities
SQL injection vulnerabilities in multiple vector store integrations of run-llama/llama_index v0.12.21 allow attackers to execute arbitrary SQL commands. This can lead to unauthorized data access, modi...
An SQL injection vulnerability in DuckDBVectorStore's delete function allows attackers to manipulate the ref_doc_id parameter to execute arbitrary SQL commands. This can lead to reading/writing files ...
This SQL injection vulnerability in the FinanceChatLlamaPack allows attackers to execute arbitrary SQL queries through the database_agent's run_sql_query function. Exploitation can lead to remote code...
A critical SQL injection vulnerability in the duckdb_retriever component of run-llama/llama_index allows attackers to execute arbitrary SQL commands. This can lead to remote code execution by installi...
A command injection vulnerability in the run-llama/llama_index repository allows attackers to bypass security checks and execute arbitrary code on servers. This remote code execution vulnerability aff...
This CVE describes a SQL injection vulnerability in LlamaIndex's Text-to-SQL feature that allows attackers to execute arbitrary SQL commands through natural language input. Systems using affected vers...
The llama_index library version 0.12.33 sets the NLTK data directory to a world-writable location by default, allowing local users to tamper with or delete NLTK data files. This can lead to denial of ...
A path traversal vulnerability in run-llama/llama_index versions 0.12.27 through 0.12.40 allows attackers to read arbitrary files on the server by manipulating the image_path input in the encode_image...
This vulnerability allows attackers to read arbitrary files on systems using the affected llama_index library by exploiting symbolic link handling in the ObsidianReader class. Users of run-llama/llama...
This CVE describes a Denial of Service vulnerability in the run-llama/llama_index project's KnowledgeBaseWebReader class. Attackers can crash Python processes by exploiting improper recursion limit ha...
This vulnerability allows SQL injection through prompt injection in the JSONalyzeQueryEngine component of llama_index. Attackers can create arbitrary files and cause Denial-of-Service attacks. All use...
A vulnerability in the LangChainLLM class of llama_index v0.12.5 allows denial of service attacks through infinite loops when threads terminate abnormally. This affects applications using the stream_c...
This vulnerability in the run-llama/llama_index library uses MD5 hashing to generate document chunk IDs, causing hash collisions when different chunks have identical text. This leads to data loss, bro...
This vulnerability in the ObsidianReader class of llama_index allows attackers to bypass path restrictions using hardlinks, potentially accessing sensitive system files like /etc/passwd. It affects us...