{"id":"GHSA-v3c8-3pr6-gr7p","summary":"llama_index vulnerable to SQL Injection","details":"Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.","aliases":["CVE-2025-1793"],"modified":"2026-02-04T03:52:31.856882Z","published":"2025-06-05T06:30:26Z","related":["CGA-pr3v-c234-3288"],"database_specific":{"github_reviewed_at":"2025-06-06T17:24:32Z","severity":"CRITICAL","cwe_ids":["CWE-89"],"nvd_published_at":"2025-06-05T05:15:23Z","github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-1793"},{"type":"WEB","url":"https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e"},{"type":"PACKAGE","url":"https://github.com/run-llama/llama_index"},{"type":"WEB","url":"https://huntr.com/bounties/8cb1555a-9655-4122-b0d6-60059e79183c"}],"affected":[{"package":{"name":"llama-index","ecosystem":"PyPI","purl":"pkg:pypi/llama-index"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.12.28"}]}],"versions":["0.10.0","0.10.1","0.10.10","0.10.11","0.10.12","0.10.13","0.10.13.post1","0.10.14","0.10.15","0.10.16","0.10.17","0.10.18","0.10.19","0.10.20","0.10.22","0.10.23","0.10.24","0.10.25","0.10.26","0.10.27","0.10.28","0.10.29","0.10.3","0.10.30","0.10.31","0.10.32","0.10.33","0.10.34","0.10.35","0.10.36","0.10.37","0.10.38","0.10.39","0.10.4","0.10.40","0.10.41","0.10.42","0.10.43","0.10.44","0.10.45","0.10.45.post1","0.10.46","0.10.47","0.10.48","0.10.48.post1","0.10.49","0.10.5","0.10.50","0.10.51","0.10.52","0.10.53","0.10.54","0.10.54.post1","0.10.55","0.10.56","0.10.57","0.10.58","0.10.59","0.10.5a1","0.10.6","0.10.61","0.10.62","0.10.63","0.10.64","0.10.65","0.10.67.post1","0.10.68","0.10.7","0.10.8","0.10.9","0.11.0","0.11.1","0.11.10","0.11.11","0.11.12","0.11.13","0.11.14","0.11.15","0.11.16","0.11.17","0.11.18","0.11.19","0.11.2","0.11.20","0.11.21","0.11.22","0.11.23","0.11.3","0.11.4","0.11.5","0.11.6","0.11.7","0.11.8","0.11.9","0.12.0","0.12.1","0.12.10","0.12.11","0.12.12","0.12.13","0.12.14","0.12.15","0.12.16","0.12.17","0.12.18","0.12.19","0.12.2","0.12.20","0.12.21","0.12.22","0.12.23","0.12.24","0.12.25","0.12.26","0.12.27","0.12.3","0.12.4","0.12.5","0.12.6","0.12.7","0.12.8","0.12.9","0.4.10","0.4.11","0.4.12","0.4.13","0.4.14","0.4.15","0.4.16","0.4.17","0.4.18","0.4.19","0.4.20","0.4.21","0.4.22","0.4.22.post1","0.4.23","0.4.24","0.4.25","0.4.26","0.4.27","0.4.28","0.4.29","0.4.30","0.4.31","0.4.32","0.4.33","0.4.34","0.4.35","0.4.35.post1","0.4.36","0.4.37","0.4.38","0.4.39","0.4.4","0.4.4.post1","0.4.4.post2","0.4.40","0.4.5","0.4.6","0.4.7","0.4.8","0.4.9","0.5.0","0.5.1","0.5.10","0.5.11","0.5.12","0.5.13","0.5.13.post1","0.5.15","0.5.16","0.5.17","0.5.17.post1","0.5.18","0.5.19","0.5.2","0.5.20","0.5.21","0.5.22","0.5.23","0.5.23.post1","0.5.25","0.5.26","0.5.27","0.5.3","0.5.4","0.5.5","0.5.6","0.5.7","0.5.8","0.5.9","0.6.0","0.6.0a1","0.6.0a2","0.6.0a3","0.6.0a4","0.6.0a5","0.6.0a6","0.6.0a7","0.6.1","0.6.10","0.6.10.post1","0.6.11","0.6.12","0.6.13","0.6.14","0.6.15","0.6.16","0.6.16.post1","0.6.17","0.6.18","0.6.19","0.6.2","0.6.20","0.6.21.post1","0.6.22","0.6.23","0.6.24","0.6.25","0.6.25.post1","0.6.26","0.6.27","0.6.28","0.6.29","0.6.30","0.6.31","0.6.32","0.6.33","0.6.34","0.6.34.post1","0.6.35","0.6.36","0.6.37","0.6.38","0.6.38.post1","0.6.4","0.6.5","0.6.6","0.6.7","0.6.8","0.6.9","0.7.0","0.7.1","0.7.10","0.7.10.post1","0.7.11","0.7.11.post1","0.7.12","0.7.13","0.7.14","0.7.15","0.7.16","0.7.17","0.7.18","0.7.19","0.7.2","0.7.20","0.7.21","0.7.22","0.7.23","0.7.24.post1","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.7.9","0.8.0","0.8.1","0.8.1.post1","0.8.10","0.8.10.post1","0.8.11","0.8.11.post1","0.8.11.post2","0.8.11.post3","0.8.12","0.8.13","0.8.14","0.8.15","0.8.16","0.8.17","0.8.18","0.8.19","0.8.2","0.8.2.post1","0.8.20","0.8.21","0.8.22","0.8.23","0.8.23.post1","0.8.24","0.8.24.post1","0.8.25","0.8.26","0.8.26.post1","0.8.27","0.8.28","0.8.28a1","0.8.29","0.8.29.post1","0.8.3","0.8.30","0.8.31","0.8.32","0.8.33","0.8.34","0.8.35","0.8.36","0.8.37","0.8.38","0.8.39","0.8.39.post2","0.8.4","0.8.40","0.8.41","0.8.42","0.8.43","0.8.43.post1","0.8.44","0.8.45","0.8.45.post1","0.8.46","0.8.47","0.8.48","0.8.49","0.8.5","0.8.5.post1","0.8.5.post2","0.8.50","0.8.51","0.8.51.post1","0.8.52","0.8.53","0.8.53.post3","0.8.54","0.8.55","0.8.56","0.8.57","0.8.58","0.8.59","0.8.6","0.8.61","0.8.62","0.8.63.post1","0.8.63.post2","0.8.64","0.8.64.post1","0.8.65","0.8.66","0.8.67","0.8.68","0.8.69","0.8.69.post1","0.8.69.post2","0.8.7","0.8.8","0.8.9","0.9.0","0.9.0.post1","0.9.0a1","0.9.0a2","0.9.0a3","0.9.1","0.9.10","0.9.10a1","0.9.10a2","0.9.11","0.9.11.post1","0.9.12","0.9.12a1","0.9.12a2","0.9.12a3","0.9.12a4","0.9.12a5","0.9.12a6","0.9.13","0.9.14","0.9.14.post1","0.9.14.post2","0.9.14.post3","0.9.15","0.9.15.post1","0.9.15.post2","0.9.16","0.9.16.dev1","0.9.16.dev2","0.9.16.post1","0.9.17","0.9.17.dev1","0.9.18","0.9.19","0.9.2","0.9.20","0.9.21","0.9.22","0.9.23","0.9.24","0.9.25","0.9.25.post1","0.9.25a1","0.9.25a2","0.9.26","0.9.27","0.9.28","0.9.28.post1","0.9.28.post2","0.9.29","0.9.3","0.9.3.post1","0.9.30","0.9.31","0.9.32","0.9.33","0.9.33a2","0.9.33a3","0.9.33a4","0.9.33a5","0.9.33a6","0.9.34","0.9.35","0.9.36","0.9.37","0.9.37.post1","0.9.38","0.9.39","0.9.4","0.9.40","0.9.41","0.9.42","0.9.42.post1","0.9.42.post2","0.9.43","0.9.44","0.9.45","0.9.45.post1","0.9.46","0.9.47","0.9.48","0.9.5","0.9.6","0.9.6.post1","0.9.6.post2","0.9.7","0.9.8","0.9.8.post1","0.9.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-v3c8-3pr6-gr7p/GHSA-v3c8-3pr6-gr7p.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}