PyPI: pandasai

CVE-2023-39661

Safety vulnerability ID: SFTY-20230815-39471

Safety legacy ID: pyup.io-65038

An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function.

PyPI

NVD

GHSA

Created at: Mar 4, 2026Updated at: Mar 4, 2026

Overview

PandasAI vulnerable to arbitrary code execution

Advisory

An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function.

Affected Package

Affecting pandasai package, versions

>=0,<=0.8.1

Also affects

---

How to Fix

Upgrade

pandasai

0.8.2

or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

https://getsafety.com/vulnerabilities/SFTY-20230815-39471/CVE-2023-39661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39661
https://github.com/gventuri/pandas-ai/issues/410
https://nvd.nist.gov/vuln/detail/CVE-2023-39661
https://github.com/gventuri/pandas-ai/issues/410
https://github.com/advisories/GHSA-8fp9-43pw-56vw

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more