VDB
KO

PYSEC-2026-1757

pandasai vulnerable to prompt injection

Details

An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / pandasai
Introduced in: 0 Fixed in: 0.8.1
Fix pip install --upgrade 'pandasai>=0.8.1'

References