LlamaIndex (Python) – Support, CVEs & Health

Security

Known Vulnerabilities

10 active CVEs reported via OSV.dev

GHSA-2jxw-4hm4-6w87 CVSS_V3

SQL injection in llama-index

Published: 2024-01-22 No fix available

GHSA-2xxc-73fv-36f7 CVSS_V3

llama-index vulnerable to arbitrary code execution

Published: 2023-08-15 Fixed in: 0.9.14

GHSA-5hq9-5r78-2gjh CVSS_V3

LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class

Published: 2025-07-10 Fixed in: 0.12.41

GHSA-7c85-87cp-mr6g CVSS_V3

LlamaIndex Vulnerable to Denial of Service (DoS)

Published: 2025-05-10 Fixed in: 0.12.21

GHSA-jmgm-gx32-vp4w CVSS_V3

LlamaIndex vulnerable to Creation of Temporary File in Directory with Insecure Permissions

Published: 2025-03-20 Fixed in: 0.12.3

GHSA-jvpf-xf32-2w4q CVSS_V3

LlamaIndex Uncontrolled Resource Consumption vulnerability

Published: 2025-03-20 Fixed in: 0.12.9

GHSA-pw38-xv9x-h8ch CVSS_V3

RunGptLLM class in LlamaIndex has a command injection

Published: 2024-05-16 Fixed in: 0.10.13

GHSA-rg9h-vx28-xxp5 CVSS_V3

llama-index has Insecure Temporary File

Published: 2025-10-13 Fixed in: 0.13.0

GHSA-v3c8-3pr6-gr7p CVSS_V3

llama_index vulnerable to SQL Injection

Published: 2025-06-05 Fixed in: 0.12.28

PYSEC-2023-148 CVSS_V3

Published: 2023-08-15 Fixed in: 0.7.14