—
PYSEC-2026-1757
pandasai vulnerable to prompt injection
Details
An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-39660 [ADVISORY]
- https://github.com/gventuri/pandas-ai/issues/399 [WEB]
- https://github.com/gventuri/pandas-ai/pull/409 [WEB]
- https://github.com/gventuri/pandas-ai/commit/3aac79be8fc1d18b53d66a566adddbbdd2b38ad5 [FIX]
- https://github.com/gventuri/pandas-ai [PACKAGE]
- https://pypi.org/project/pandasai [PACKAGE]
- https://github.com/advisories/GHSA-w832-v3c6-m6rg [ADVISORY]