16 matches found

OSV
added 5 days ago

PYSEC-2026-448 PandasAI interactive prompt function Remote Code Execution (RCE)

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and can run arbitrary Python code, which can lead to Remote Code Execution (RCE) instead of the intended natural-language explanation by the LLM. The security controls of PandasAI 2.4.3 and earlier fail ...

CVSS 9.8, AI score 6.5, EPSS 0.0122
Exploits: 0, References: 7
CNNVD
added 2026/03/28 12:00 a.m.

PandasAI Code Injection Vulnerability

PandasAI is a Python library that integrates artificial intelligence functions into pandas, making data frames interactive. Versions of PandasAI 3.0.0 and earlier contained a code injection vulnerability, which was caused by incorrect operations on the CodeExecutor.execute function, potentially...

CVSS 7.5, AI score 7.2, EPSS 0.00532
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2023-2372

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.3, EPSS 0.01267
Exploits: 1, References: 5
RedhatCVE
added 2025/02/13 1:28 p.m.

CVE-2024-12366

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and can run arbitrary Python code, which can lead to Remote Code Execution (RCE) instead of the intended natural-language explanation by the LLM...

CVSS 9.8, AI score 7.9, EPSS 0.0122
Exploits: 0, References: 1
vulnersOsv
added 2025/02/11 3:32 p.m.

date-a-scientist (>=0.1.18 <=0.1.19) potentially affected by CVE-2024-12366 via pandasai (=2.3.0)

pandasai PYPI version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on pandasai and may be impacted: date-a-scientist =0.1.18, =0.1.19. Source CVEs: CVE-2024-12366. Source advisory: SNYK:PYTHON-PANDASAI-8715593...

CVSS 9.8, AI score 5.8, EPSS 0.0122
Exploits: 0
Snyk
added 2025/02/11 3:32 p.m.

Arbitrary Code Injection

Overview: pandasai (Pandas AI) is a Python library that integrates generative artificial intelligence capabilities into Pandas, making dataframes conversational. Affected versions of this package are vulnerable to Arbitrary Code Injection through the interactive prompt function. An attacker wit...

CVSS 9.8, AI score 8.2, EPSS 0.0122
Exploits: 0, References: 2
vulnersOsv
added 2025/02/11 3:32 p.m.

date-a-scientist (>=0.1.0 <=0.1.19), exposeq (>=4.0.7 <=4.6.1) +3 more potentially affected by CVE-2024-12366 via pandasai (>=1.3.3 <=2.4.2)

pandasai PYPI version =1.3.3, =0.1.0, =4.0.7, =0.0.0, =0.0.3. Source CVEs: CVE-2024-12366. Source advisory: OSV:GHSA-VV2H-2W3Q-3FX7...

CVSS 9.8, AI score 5.8, EPSS 0.0122
Exploits: 0
OSV
added 2025/02/11 3:32 p.m.

GHSA-VV2H-2W3Q-3FX7 PandasAI interactive prompt function Remote Code Execution (RCE)

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and can run arbitrary Python code, which can lead to Remote Code Execution (RCE) instead of the intended natural-language explanation by the LLM. The security controls of PandasAI 2.4.3 and earlier fail ...

CVSS 9.8, AI score 6.5, EPSS 0.0122
Exploits: 0, References: 5
Github Security Blog
added 2025/02/11 3:32 p.m.

PandasAI interactive prompt function Remote Code Execution (RCE)

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and can run arbitrary Python code, which can lead to Remote Code Execution (RCE) instead of the intended natural-language explanation by the LLM. The security controls of PandasAI 2.4.3 and earlier fail ...

CVSS 9.8, AI score 10, EPSS 0.0122
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2025/02/11 1:15 p.m.

CVE-2024-12366

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and can run arbitrary Python code, which can lead to Remote Code Execution (RCE) instead of the intended natural-language explanation by the LLM...

CVSS 9.8, EPSS 0.0122
Exploits: 0, References: 3
Vulnrichment
added 2025/02/11 12:42 p.m.

CVE-2024-12366

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and can run arbitrary Python code, which can lead to Remote Code Execution (RCE) instead of the intended natural-language explanation by the LLM...

AI score 10, EPSS 0.0122
Exploits: 0, References: 2
CVE
added 2025/02/11 12:42 p.m.

CVE-2024-12366

CVE-2024-12366 affects PandasAI: its interactive prompt function is vulnerable to prompt injection, allowing an attacker to instruct the LLM to generate and execute arbitrary Python code within the process, causing Remote Code Execution (RCE) and potential system compromise or pivoting to connect...

CVSS 9.8, AI score 10, EPSS 0.0122
Exploits: 0, References: 3
Cvelist
added 2025/02/11 12:42 p.m.

CVE-2024-12366

PandasAI uses an interactive prompt function that is vulnerable to prompt injection and can run arbitrary Python code, which can lead to Remote Code Execution (RCE) instead of the intended natural-language explanation by the LLM...

EPSS 0.0122
Exploits: 0, References: 2
CERT
added 2025/02/11 12:00 a.m.

PandasAI's interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

Overview: PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, potentially achieving arbitrary code execution. In response, SinaptikAI has implemented...

CVSS 9.8, AI score 10, EPSS 0.0122
Exploits: 0, References: 4
CNVD
added 2024/11/26 12:00 a.m.

PandasAI Command Injection Vulnerability

PandasAI is a data processing application that combines Pandas, a data manipulation and analysis library, with AI, allowing users to interact with data through natural language without having to write complex code. PandasAI has a command injection vulnerability that can be exploited by an attacke...

AI score 7.6
Exploits: 0, References: 1
OSV
added 2024/01/22 1:15 a.m.

CVE-2024-23752

GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

CVSS 9.8, AI score 9.6
Exploits: 0, References: 1