CVE-2024-23751

LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Drop the Students table" within English language input.

Published: Jan 22, 2024
Updated: May 4, 2025
CVE: CVE-2024-23751
GHSA: GHSA-2jxw-4hm4-6w87
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
llama-index	-	0.9.35.x
llamaindex / llamaindex	-	0.9.34.x

https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2024-12.yaml
https://github.com/run-llama/llama_index/issues/9957

Vulnerability Database

CVE-2024-23751