Количество 2
Количество 2
CVE-2025-46724
Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes input to `TableChatAgent` by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.
GHSA-jqq5-wc57-f8hj
Langroid has a Code Injection vulnerability in TableChatAgent
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-46724 Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes input to `TableChatAgent` by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation. | CVSS3: 9.8 | 0% Низкий | 9 месяцев назад |
| GHSA-jqq5-wc57-f8hj Langroid has a Code Injection vulnerability in TableChatAgent | CVSS3: 9.8 | 0% Низкий | 9 месяцев назад |
Уязвимостей на страницу