logo

Database

Insecure functionality In llama-index-readers-papers

Description

LlamaIndex vulnerability in ArxivReader class can cause MD5 hash collisions A vulnerability in the ArxivReader class of the run-llama/llama_index repository allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from being processed for AI model training. The issue is resolved in llama-index-readers-papers version 0.3.1 (in llama-index 0.12.28).

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-30442. NVD-2025-30443. OSV-2025-30444. GCVE-2025-3044

References

1. https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e2. https://github.com/run-llama/llama_index/commit/f69e1c0e7579228fec4cfaf716e4f951e131de773. https://huntr.com/bounties/80182c3a-876f-422f-8bac-38267e0345d6

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.