Llamaindex
AI Threat Alert tracks 6 known AI/ML vulnerabilities affecting Llamaindex products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Llamaindex CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2024-12704 | llama-index: DoS via infinite loop in LangChain LLM | llamaindex | 7.5 |
| HIGH | CVE-2024-12911 | llama-index: SQLi+DoS via prompt injection in query engine | llamaindex | 7.1 |
| UNKNOWN | CVE-2024-4181 | llama_index: RCE via eval() in RunGptLLM connector | llamaindex | - |
| CRITICAL | CVE-2024-23751 | LlamaIndex: SQL injection in Text-to-SQL feature | llamaindex | 9.8 |
| HIGH | CVE-2024-14021 | llamaindex: Deserialization enables RCE | llamaindex | 7.8 |
| HIGH | CVE-2024-58339 | llamaindex: Resource Exhaustion enables DoS | llamaindex | 7.5 |
Frequently asked questions
How many known vulnerabilities affect Llamaindex?
6 AI/ML CVEs affecting Llamaindex products are tracked, sourced from NVD and GitHub Advisory.
What Llamaindex products are affected?
The CVEs below map to the Llamaindex AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Llamaindex vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Llamaindex for new vulnerabilities?
AI Threat Alert tracks Llamaindex continuously; a Pro subscription adds breaking alerts when new CVEs affecting Llamaindex are published.
How do I assess Llamaindex's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Llamaindex issues first and judge the exposure for your stack.