LlamaIndex Vulnerabilities
pip, LLM Frameworks
Risk Score: 58
Total CVEs: 13
Critical: 3
Ecosystem: pip
Last CVE: Oct 13, 2025
Patch Rate: 87%
Avg Time to Patch: 50d
49,455 stars
7,419 forks
384 issues
229 dependents
Last push May 15, 2026
Known Vulnerabilities (13 total)
| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| MEDIUM | CVE-2024-12910 | llama-index: DoS via infinite recursion in web reader | 5.9 | Mar 20, 2025 |
| CRITICAL | CVE-2024-12909 | llama-index finchat: SQL injection enables RCE | 10.0 | Mar 20, 2025 |
| HIGH | CVE-2025-1752 | llama_index: DoS via uncapped recursion in web reader | 7.5 | May 10, 2025 |
| HIGH | CVE-2025-1753 | llama-index-cli: OS command injection enables RCE | 7.8 | May 28, 2025 |
| CRITICAL | CVE-2024-11958 | llama-index DuckDB retriever: SQLi enables RCE | 9.8 | Mar 20, 2025 |
| CRITICAL | CVE-2025-1793 | llama_index: SQL injection in vector store integrations | 9.8 | Jun 5, 2025 |
| HIGH | CVE-2025-3046 | LlamaIndex Obsidian: symlink traversal exposes host files | 7.5 | Jul 7, 2025 |
| HIGH | CVE-2025-3225 | llama-index Papers Loader: XML expansion DoS | 7.5 | Jul 7, 2025 |
| MEDIUM | CVE-2025-3044 | llama-index ArxivReader: MD5 collision corrupts training data | 5.3 | Jul 7, 2025 |
| MEDIUM | CVE-2025-6210 | llama-index Obsidian reader: hardlink path traversal leaks files | 6.2 | Jul 7, 2025 |
| MEDIUM | CVE-2025-6211 | llama-index: DocugamiReader MD5 hash collision drops chunks | 6.5 | Jul 10, 2025 |
| HIGH | CVE-2025-7707 | llama-index: world-writable NLTK dir allows local tampering | 7.1 | Oct 13, 2025 |
| HIGH | CVE-2024-12911 | llama-index: SQLi+DoS via prompt injection in query engine | 7.1 | Mar 20, 2025 |