CVE-2024-45201
- EPSS 0.21%
- Published 22.08.2024 20:15:10
- Last modified 21.10.2025 18:59:17
An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}.
CVE-2024-4181
- EPSS 1.62%
- Published 16.05.2024 09:15:15
- Last modified 21.10.2025 11:36:16
A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the ...
CVE-2024-3271
- EPSS 2.27%
- Published 16.04.2024 00:15:12
- Last modified 30.07.2025 00:14:52
A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM,...
CVE-2024-23751
- EPSS 0.36%
- Published 22.01.2024 01:15:08
- Last modified 20.06.2025 19:15:35
LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be a...