CVE-2025-0185

A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. The vulnerability occurs in the function vn.gettrainingplangenericdfinformationschema, which does not properly sanitize user inputs before executing queries...

CVE-2025-0185

A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. The vulnerability occurs in the function vn.gettrainingplangenericdfinformationschema, which does not properly sanitize user inputs before executing queries...

PT-2025-12302 · Pandas +1 · Pandas +1

Name of the Vulnerable Software and Affected Versions: Dify Tools versions prior to the fixed version Description: A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. The vulnerability occurs in the function...

dify 安全漏洞

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in dify, which stems from the vulnerability of the Vanna module of Dify Tools to a Pandas query injection attack that could lead to remote code execution...