53 matches found
Prompt Injection
pandasai is vulnerable to Prompt Injection. The vulnerability is due to insufficient input validation in the interactive prompt function, allowing prompt injection to execute arbitrary Python code...
CVE-2024-12366
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and can run arbitrary Python code, which can lead to Remote Code Execution (RCE) instead of the intended explanation of the natural language processing by the LLM...
Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2025-811)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-811 advisory. Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python...
PT-2024-34371 · Schrödinger · Pymol
Name of the vulnerable software and affected versions: PyMOL version 2.5.0. Description: The issue arises from the "Run Script" function in PyMOL, which allows the execution of arbitrary Python code embedded within .PYM files. This enables attackers to craft malicious .PYM files containing Python...
CVE-2024-50636
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE)...
Prompt Injection
Vanna is vulnerable to Prompt Injection. The vulnerability is due to improper input validation in the Vanna library's "ask" method: when external input is allowed with "visualize" set to True, a user can execute arbitrary Python code...
GHSA-7735-W2JP-GVG6 Vanna prompt injection code execution
The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...
Code execution in pandasai
GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...
Oracle Linux 7 : python-reportlab (ELSA-2023-5616)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5616 advisory. 2.5-11 - Do not evaluate unichar element - Resolves: RHEL-7011 Tenable has extracted the preceding description block directly from the Oracle Linux security...
CVE-2023-36830
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary Python code to be executed via macros. For many users wh...
CVE-2023-36830 SQLFluff vulnerability for users with access to config file, using `library_path` to call arbitrary python code.
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary Python code to be executed via macros. For many users wh...
GHSA-58H8-44MG-R43X ReviewBoard and Djblets library are vulnerable to code execution
An eval vulnerability exists in Python Software Foundation Djblets versions before 0.6.30 and 0.7.0 before 0.7.19, and in Beanbag Review Board before 1.7.15, when parsing JSON requests, allowing an attacker to execute arbitrary Python code...
Py2Play Unpickles Untrusted Objects
Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes...
Input validation
Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges...
Code injection
Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access...
GHSA-X64G-WJMW-W328 Injection vulnerability that affects ironic-discoverd
OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...
Injection vulnerability that affects ironic-discoverd
OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...
CVE-2019-3575
sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary Python code via the fixture_text argument in sqla_yaml_fixtures.load...
PYSEC-2019-52
sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary Python code via the fixture_text argument in sqla_yaml_fixtures.load...
Database Anonymization Arbitrary Code Execution Vulnerability in Multiple Odoo Products
Odoo (formerly OpenERP) is a product of the Belgian company Odoo, an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system; Odoo Community Edition and Odoo Enterprise Edition are its community and enterprise editions. The Database Anonymization module...