Llama-index
This hub aggregates every CVE we track for Llama-index, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 9
- Critical: 3
- High: 4
- In CISA KEV: 0
Severity distribution
- HIGH: 4
- CRITICAL: 3
- MEDIUM: 2
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 9 most recently published vulnerabilities affecting Llama-index.
- CVE-2025-7707: World-Writable NLTK Cache Directory Vulnerability in run-llama/llama_index (7.8)
- CVE-2025-6211: MD5 Hash Collision in run-llama/llama_index (6.5)
- CVE-2025-1793: SQL Injection in run-llama/llama_index (9.8)
- CVE-2025-1752: Denial of Service in run-llama/llama_index (7.5)
- CVE-2024-12911: SQL Injection in run-llama/llama_index (7.1)
- CVE-2024-12910: Denial of Service in run-llama/llama_index (5.9)
- CVE-2024-4181: Command Injection in run-llama/llama_index (8.8)
- CVE-2024-23751: LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVect... (9.8)
- CVE-2023-39662: An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function. (9.8)
Product normalization is registry-driven with AI assist and human review.