Description
Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.
References (2)
Core References
Exploit, Third Party Advisory
https://huntr.com/bounties/8cb1555a-9655-4122-b0d6-60059e79183c
Scores
CVSS v3
9.8
EPSS
0.0006
EPSS Percentile
17.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (2)
llamaindex/llamaindex
0.12.21 - 0.12.28
pypi/llama-index
0 - 0.12.28 (PyPI)
Published
Jun 05, 2025
Tracked Since
Feb 18, 2026