pkg:PyPI/llama-index-core

All known vulnerabilities

• CRITICAL9.8CVE-2024-45201LlamaIndex includes an exec call for `import {cls_name}`
  from 0, < 0.10.38
• CRITICAL9.8CVE-2024-3271llama-index-core Command Injection vulnerability
  from 0, < 0.10.24
• CRITICAL9.8CVE-2024-3098llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
  from 0, < 0.10.24
• HIGH8.6LlamaIndex affected by a Denial of Service (DOS) in JSONReader
  from 0, < 0.12.38
• HIGH7.5LlamaIndex vulnerable to Path Traversal attack through its encode_image function
  >= 0.11.23, < 0.12.41
• HIGH7.5LlamaIndex Improper Handling of Exceptional Conditions vulnerability
  from 0, < 0.12.6
• HIGH7.3llama-index-core insecurely handles temporary files
  from 0, < 0.13.0
• MEDIUM6.5LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing
  from 0, < 0.12.38
• MEDIUM5.3llama-index-core vulnerable to Uncontrolled Resource Consumption
  from 0, < 0.12.41
• MEDIUM5.0LlamaIndex has Incomplete Documentation of Program Execution related to JsonPickleSerializer component
  >= 0.11.15, < 0.12.41