Gabrieleventuri Pandasai — known CVE vulnerabilities
Every CVE whose affected-product data names Gabrieleventuri Pandasai, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2023-39660 — CVSS 9.8 (critical): An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the…
CVE-2023-39661 — CVSS 9.8 (critical): An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function.
CVE-2024-23752 — CVSS 9.8 (critical): GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of…
CVE-2026-30273 — CVSS 7.3 (high): pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base._execute_sql_query component.