Llama-index-core
This hub aggregates every CVE we track for Llama-index-core, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
10
CVEs tracked
2
Critical
6
High
0
In CISA KEV
Severity distribution
HIGH6MEDIUM2CRITICAL2
Monthly trend
0
1
0
0
0
0
0
0
1
0
0
0
3
1
1
0
0
0
0
1
0
0
0
0
2024-072026-06
Latest CVEs
The 10 most recently published vulnerabilities affecting Llama-index-core.
- CVE-2025-6208Uncontrolled Memory Consumption in run-llama/llama_index5.3
- CVE-2025-7647Insecure Temporary File Handling in run-llama/llama_index7.3
- CVE-2025-5302Denial of Service (DOS) in JSONReader in run-llama/llama_index8.6
- CVE-2025-6209Arbitrary File Read through Path Traversal in run-llama/llama_index7.5
- CVE-2025-5472Denial of Service via Uncontrolled Recursive JSON Parsing in JSONReader in run-llama/llama_index6.5
- CVE-2025-3108Unsafe Deserialization in JsonPickleSerializer Enables Remote Code Execution in run-llama/llama_index7.5
- CVE-2024-12704Denial of Service (DoS) in run-llama/llama_index7.5
- CVE-2024-45201An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}.8.8
- CVE-2024-3271Command Injection in run-llama/llama_index9.8
- CVE-2024-3098Prompt Injection leading to Arbitrary Code Execution in run-llama/llama_index9.8
Product normalization is registry-driven with AI assist and human review. How it works