AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

v0.14.6

lownewsLLM-Specific

security

Source: LlamaIndex Security ReleasesOctober 25, 2025

Summary

LlamaIndex v0.14.6 is a software update released on October 26, 2025, that fixes various bugs across multiple components including support for parallel tool calls, metadata handling, embedding format compatibility, and SQL injection vulnerabilities (using parameterized queries instead of raw SQL string concatenation). The release also adds new features like async support for retrievers and integrations with new services like Helicone.

Solution / Mitigation

The source explicitly mentions one security fix: 'Replace raw SQL string interpolation with proper SQLAlchemy parameterized APIs in PostgresKVStore' (llama-index-storage-kvstore-postgres #20104). Users should update to v0.14.6 to receive this and other bug fixes. No other specific mitigation steps are described in the release notes.

Classification

Attack SophisticationTrivial

AI Component TargetedFramework

Affected Vendors

LlamaIndexAnthropicOpenAI

Related Issues

high

Anthropic accuses Chinese AI labs of mining Claude as US debates AI chip exports

Same vendorTechCrunch

info

Anthropic doesn’t trust the Pentagon, and neither should you

Same vendorThe Verge (AI)

Original source: https://github.com/run-llama/llama_index/releases/tag/v0.14.6

First tracked: February 14, 2026 at 03:00 PM

Classified by LLM (prompt v3) · confidence: 85%