Lucene search
K

74 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-447 PandasAI vulnerable to arbitrary code execution

An issue in pandas-ai v.0.8.1 and before allows a remote attacker to execute arbitrary code via the isjailbreak function...

9.8CVSS6.2AI score0.0117EPSS
Exploits1References5
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-448 PandasAI interactive prompt function Remote Code Execution (RCE)

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution RCE instead of the intended explanation of the natural language processing by the LLM. The security controls of PandasAI 2.4.3 and earlier fail ...

9.8CVSS6.5AI score0.01183EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/01 6:36 p.m.5 views

EUVD-2026-17959

pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base.executesqlquery component...

7.3CVSS6AI score0.00187EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.9 views

PandasAI 安全漏洞

PandasAI is an open-source Python library developed by PandasAI. It integrates artificial intelligence functions into pandas. Version 3.0.0 of PandasAI contains a security vulnerability, which stems from an SQL injection vulnerability in the pandasai.agent.base.executesqlquery component...

7.3CVSS5.8AI score0.00187EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/29 11:3 p.m.3 views

CVE-2026-4998

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

7.5CVSS5.6AI score0.00532EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/29 5:3 p.m.5 views

CVE-2026-4997

A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function issqlquerysafe of the file pandasai/helpers/sqlsanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public an...

6.9CVSS5.5AI score0.0055EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/29 5:3 p.m.3 views

CVE-2026-4996

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....

7.5CVSS5.7AI score0.00259EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/28 3:32 p.m.3 views

EUVD-2026-16925

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

7.5CVSS5.6AI score0.00532EPSS
Exploits0References5
NVD
NVD
added 2026/03/28 2:15 p.m.4 views

CVE-2026-4998

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

7.5CVSS0.00532EPSS
Exploits0References4
NVD
NVD
added 2026/03/28 1:16 p.m.8 views

CVE-2026-4997

A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function issqlquerysafe of the file pandasai/helpers/sqlsanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public an...

6.9CVSS0.0055EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/28 1:15 p.m.2 views

CVE-2026-4998 Sinaptik AI PandasAI Chat Message code_executor.py CodeExecutor.execute code injection

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

7.5CVSS5.6AI score0.00532EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/28 1:15 p.m.38 views

CVE-2026-4998 Sinaptik AI PandasAI Chat Message code_executor.py CodeExecutor.execute code injection

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

7.5CVSS0.00532EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/28 1:15 p.m.3 views

CVE-2026-4998

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

7.5CVSS5.6AI score0.00532EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/28 1:15 p.m.12 views

CVE-2026-4998

CVE-2026-4998 affects Sinaptik AI PandasAI up to 3.0.0, specifically the CodeExecutor.execute function in pandasai/core/code_execution/code_executor.py within the Chat Message Handler. The description states that executing a manipulation can lead to code injection, with remote exploitation possib...

7.5CVSS6.8AI score0.00532EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/28 12:30 p.m.5 views

EUVD-2026-16921

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....

7.5CVSS5.7AI score0.00259EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/28 12:23 p.m.3 views

CVE-2026-4997

A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function issqlquerysafe of the file pandasai/helpers/sqlsanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public an...

6.9CVSS5.5AI score0.0055EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/28 12:23 p.m.33 views

CVE-2026-4997 Sinaptik AI PandasAI sql_sanitizer.py is_sql_query_safe path traversal

A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function issqlquerysafe of the file pandasai/helpers/sqlsanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public an...

6.9CVSS0.0055EPSS
Exploits0References4
CVE
CVE
added 2026/03/28 12:23 p.m.15 views

CVE-2026-4997

CVE-2026-4997 affects Sinaptik AI PandasAI up to version 3.0.0. The issue resides in is_sql_query_safe within pandasai/helpers/sql_sanitizer.py, where input manipulation enables path traversal. Exploitation is remote and the exploit has been released publicly. The vendor was contacted early but d...

6.9CVSS5.7AI score0.0055EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/28 12:23 p.m.4 views

CVE-2026-4997 Sinaptik AI PandasAI sql_sanitizer.py is_sql_query_safe path traversal

A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function issqlquerysafe of the file pandasai/helpers/sqlsanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public an...

6.9CVSS5.5AI score0.0055EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/28 11:30 a.m.31 views

CVE-2026-4996 Sinaptik AI PandasAI pandasai-lancedb Extension lancedb.py get_relevant_docs_by_id sql injection

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....

7.5CVSS0.00259EPSS
Exploits0References4
Rows per page
Query Builder