Sinaptik Ai Pandasai vulnerabilities
4 known vulnerabilities affecting sinaptik_ai/pandasai.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2024-12366 | P2 | CRITICAL | CVSS 9.8 | v2.4.0 | 2025-02-11
PandasAI uses an interactive prompt function that is vulnerable to prompt injection: instead of returning the intended explanation of the natural language processing by the LLM, it can run arbitrary Python code, which can lead to Remote Code Execution (RCE).
ghsa, nvd, osv
CVE-2026-4998 | P3 | HIGH | CVSS 7.3 | CWE-74 | v3.0 | 2026-03-28
A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/code_execution/code_executor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The exploit has been made available to t
nvd
CVE-2026-4996 | P3 | HIGH | CVSS 7.3 | CWE-74 | v0.1.0, v0.1.1 +3 more | 2026-03-28
A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function delete_question_and_answers/delete_docs/update_question_answer/update_docs/get_relevant_question_answers_by_id/get_relevant_docs_by_id of the file extensions/ee/vectorstores/lancedb/pandasai_lancedb/lancedb.py of the component pandasai-lancedb Exten
nvd
CVE-2026-4997 | P3 | MEDIUM | CVSS 5.3 | CWE-22 | v3.0 | 2026-03-28
A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function is_sql_query_safe of the file pandasai/helpers/sql_sanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted e
nvd