pandasai

Latest secure version 3.0.0

Chat with your database (SQL, CSV, pandas, mongodb, noSQL, etc). PandasAI makes data analysis conversational using LLMs (GPT 3.5 / 4, Anthropic, VertexAI) and RAG.

GitHub

PyPI

MIT

All Versions

Vulnerabilities (Public)

Known vulnerabilities and security issues detected in the extension's dependencies and code.

Vulnerability ID	Advisory				Affected Versions
CVE-2024-12366	PandasAI uses an interactive prompt function that is vulnerable to prompt injection and run arbitrary Python code that can lead to Remote Code Execution (RCE) instead of the intended explanation of th…	Critical	–	–	<2.4.2
CVE-2024-23752	GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attack…	Critical	–	–	<=1.5.17
CVE-2023-39660	An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function.	Critical	–	–	>=0,<0.8.1
CVE-2023-39661	An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function.	Critical	–	–	>=0,<=0.8.1

Safety Discovered Vulnerabilities

Additional security issues found by Safety, exclusive to our platform.

Safety discovered vulnerability data is available for Enterprise customers

Book a call with us to see Safety in action.

Vulnerable Functions

Functions linked to known vulnerabilities in this package.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.