GHSA-vv2h-2w3q-3fx7: PandasAI interactive prompt function Remote Code Execution (RCE)

PandasAI's interactive prompt function is vulnerable to prompt injection: it can be made to run arbitrary Python code, leading to Remote Code Execution (RCE), instead of returning the intended explanation of the natural language processing by the LLM. The security controls of PandasAI (2.4.3 and earlier) fail to distinguish between legitimate and malicious inputs, allowing attackers to manipulate the system into executing untrusted code, which can result in RCE, system compromise, or pivoting attacks on connected services.

High severity GitHub Reviewed Published Feb 11, 2025 to the GitHub Advisory Database • Updated Feb 11, 2025
