Pandas-AI SQL Injection Vulnerability in Version 3.0.0

Vulnerability

A SQL injection vulnerability exists in Pandas-AI version 3.0.0, specifically within the SQL query execution component. This vulnerability allows attackers to inject malicious input that could be used to read arbitrary files from the database server.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data stored in the database, allowing attackers to read files that could contain confidential information.

Added: Apr 1, 2026, 5:49 PM

Updated: Apr 1, 2026, 5:49 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.7

exploitability

8.1

remediation

0.0

relevance

4.9

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.7

exploitability

8.1

remediation

0.0

relevance

4.9

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Pandas-AI SQL Injection Vulnerability in Version 3.0.0

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating