Llamaindex Security Vulnerabilities (CVEs)

Track 14 security vulnerabilities affecting Llamaindex products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

6 Critical
6 High
2 Medium
CVE-2025-7707 7.8

The llama_index library version 0.12.33 sets the NLTK data directory to a world-writable location by default, allowing local users to tamper with or d...

Oct 13, 2025
CVE-2025-6211 6.5

This vulnerability in the run-llama/llama_index library uses MD5 hashing to generate document chunk IDs, causing hash collisions when different chunks...

Jul 10, 2025
CVE-2025-6209 7.5

A path traversal vulnerability in run-llama/llama_index versions 0.12.27 through 0.12.40 allows attackers to read arbitrary files on the server by man...

Jul 7, 2025
CVE-2025-6210 6.2

This vulnerability in the ObsidianReader class of llama_index allows attackers to bypass path restrictions using hardlinks, potentially accessing sens...

Jul 7, 2025
CVE-2025-3046 7.5

This vulnerability allows attackers to read arbitrary files on systems using the affected llama_index library by exploiting symbolic link handling in ...

Jul 7, 2025
CVE-2025-1793 9.8

SQL injection vulnerabilities in multiple vector store integrations of run-llama/llama_index v0.12.21 allow attackers to execute arbitrary SQL command...

Jun 5, 2025
CVE-2025-1750 9.8

An SQL injection vulnerability in DuckDBVectorStore's delete function allows attackers to manipulate the ref_doc_id parameter to execute arbitrary SQL...

Jun 2, 2025
CVE-2025-1752 7.5

This CVE describes a Denial of Service vulnerability in the run-llama/llama_index project's KnowledgeBaseWebReader class. Attackers can crash Python p...

May 10, 2025
CVE-2024-12911 7.1

This vulnerability allows SQL injection through prompt injection in the JSONalyzeQueryEngine component of llama_index. Attackers can create arbitrary ...

Mar 20, 2025
CVE-2024-12909 9.8

This SQL injection vulnerability in the FinanceChatLlamaPack allows attackers to execute arbitrary SQL queries through the database_agent's run_sql_qu...

Mar 20, 2025
CVE-2024-12704 7.5

A vulnerability in the LangChainLLM class of llama_index v0.12.5 allows denial of service attacks through infinite loops when threads terminate abnorm...

Mar 20, 2025
CVE-2024-11958 9.8

A critical SQL injection vulnerability in the duckdb_retriever component of run-llama/llama_index allows attackers to execute arbitrary SQL commands. ...

Mar 20, 2025
CVE-2024-3271 9.8

A command injection vulnerability in the run-llama/llama_index repository allows attackers to bypass security checks and execute arbitrary code on ser...

Apr 16, 2024
CVE-2024-23751 9.8

This CVE describes a SQL injection vulnerability in LlamaIndex's Text-to-SQL feature that allows attackers to execute arbitrary SQL commands through n...

Jan 22, 2024

Why Monitor Llamaindex Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 14+ known vulnerabilities affecting Llamaindex products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Llamaindex packages in under 60 seconds. No agents required - completely agentless scanning that works across Llamaindex deployments.

Free vulnerability database: Access detailed information about every Llamaindex CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
