Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

run-llama — Vulnerabilities & Security Advisories 26

Browse all 26 CVE security advisories affecting run-llama. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Run-llama is an open-source framework designed to simplify the deployment and management of large language models, primarily serving developers seeking to build and scale LLM applications. Despite its utility, the project has accumulated 26 Common Vulnerabilities and Exposures (CVEs), indicating significant historical security challenges. These vulnerabilities predominantly involve remote code execution (RCE) and cross-site scripting (XSS), often stemming from inadequate input validation and improper handling of user-supplied data within the application’s API layers. Additionally, several incidents highlight privilege escalation risks, allowing attackers to gain unauthorized access to underlying system resources. The frequency of these flaws suggests that rapid feature development has occasionally outpaced rigorous security auditing. While the core technology remains valuable for AI infrastructure, the repeated discovery of critical bugs underscores the necessity for enhanced code review processes and stricter security controls in future releases to mitigate exploitation risks.

Top products by run-llama: run-llama/llama_index llama_index
CVE IDTitleCVSSSeverityPublished
CVE-2025-6208 Uncontrolled Memory Consumption in run-llama/llama_index — run-llama/llama_indexCWE-400 7.5 -2026-02-02
CVE-2024-14021 LlamaIndex <= 0.11.6 BGEM3Index Unsafe Deserialization — llama_indexCWE-502 7.8AIHighAI2026-01-12
CVE-2024-58339 LlamaIndex <= 0.12.2 VannaQueryEngine SQL Execution Allows Resource Exhaustion — llama_indexCWE-770 7.5AIHighAI2026-01-12
CVE-2025-7707 World-Writable NLTK Cache Directory Vulnerability in run-llama/llama_index — run-llama/llama_indexCWE-377 7.8 -2025-10-13
CVE-2025-7647 Insecure Temporary File Handling in run-llama/llama_index — run-llama/llama_indexCWE-378 8.8 -2025-09-27
CVE-2025-5302 Denial of Service (DOS) in JSONReader in run-llama/llama_index — run-llama/llama_indexCWE-674 7.5 -2025-08-25
CVE-2025-6211 MD5 Hash Collision in run-llama/llama_index — run-llama/llama_indexCWE-440 8.2 -2025-07-10
CVE-2025-6209 Arbitrary File Read through Path Traversal in run-llama/llama_index — run-llama/llama_indexCWE-29 7.5 -2025-07-07
CVE-2025-5472 Denial of Service via Uncontrolled Recursive JSON Parsing in JSONReader in run-llama/llama_index — run-llama/llama_indexCWE-674 7.5 -2025-07-07
CVE-2025-6210 Hardlink-Based Path Traversal in run-llama/llama_index — run-llama/llama_indexCWE-22 7.5 -2025-07-07
CVE-2025-3046 Path Traversal via Symbolic Links in run-llama/llama_index — run-llama/llama_indexCWE-22 5.3 -2025-07-07
CVE-2025-3044 MD5 Hash Collision in run-llama/llama_index — run-llama/llama_indexCWE-440 6.5 -2025-07-07
CVE-2025-3225 XML Entity Expansion vulnerability in run-llama/llama_index — run-llama/llama_indexCWE-776 7.5 -2025-07-07
CVE-2025-3108 Unsafe Deserialization in JsonPickleSerializer Enables Remote Code Execution in run-llama/llama_index — run-llama/llama_indexCWE-1112 9.8 -2025-07-06
CVE-2025-1793 SQL Injection in run-llama/llama_index — run-llama/llama_indexCWE-89 7.5AIHighAI2025-06-05
CVE-2025-1750 SQL Injection in run-llama/llama_index — run-llama/llama_indexCWE-89 9.8AICriticalAI2025-06-02
CVE-2025-1753 Command Injection in LLama-Index CLI in run-llama/llama_index — run-llama/llama_indexCWE-78 8.8AIHighAI2025-05-28
CVE-2025-1752 Denial of Service in run-llama/llama_index — run-llama/llama_indexCWE-674 7.5AIHighAI2025-05-10
CVE-2024-11958 SQL Injection in run-llama/llama_index — run-llama/llama_indexCWE-89 9.8 -2025-03-20
CVE-2024-12911 SQL Injection in run-llama/llama_index — run-llama/llama_indexCWE-89 9.1 -2025-03-20
CVE-2024-12909 SQL Injection to RCE in run-llama/llama_index — run-llama/llama_indexCWE-89 9.8 -2025-03-20
CVE-2024-12910 Denial of Service in run-llama/llama_index — run-llama/llama_indexCWE-674 7.5 -2025-03-20
CVE-2024-12704 Denial of Service (DoS) in run-llama/llama_index — run-llama/llama_indexCWE-835 7.5 -2025-03-20
CVE-2024-4181 Command Injection in run-llama/llama_index — run-llama/llama_indexCWE-94 9.8AICriticalAI2024-05-16
CVE-2024-3271 Command Injection in run-llama/llama_index — run-llama/llama_indexCWE-77 9.8 -2024-04-16
CVE-2024-3098 Prompt Injection leading to Arbitrary Code Execution in run-llama/llama_index — run-llama/llama_indexCWE-94 9.8AICriticalAI2024-04-10

This page lists every published CVE security advisory associated with run-llama. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.