sinaptik-ai/pandas-ai

sinaptik-ai/pandas-ai

Releases211

Frequency4 days 5 hours

Last Release 8 months ago

Stars23.6K

Chat with your database or your datalake (SQL, CSV, parquet). PandasAI makes data analysis conversational using LLMs and RAG.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-30273 ↗	Apr 1, 2026Wednesday, 1 April 2026, 17:28	7.3 HIGH	—
pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base._execute_sql_query component.
CVE-2024-23752 ↗	Jan 22, 2024Monday, 22 January 2024, 01:15	9.8 CRITICAL	—
GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660.
CVE-2023-39660 ↗	Aug 21, 2023Monday, 21 August 2023, 17:15	9.8 CRITICAL	—
An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function.
CVE-2023-39661 ↗	Aug 15, 2023Tuesday, 15 August 2023, 17:15	9.8 CRITICAL	—
An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function.