Description

Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes input to `TableChatAgent` by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.

INFO

Published Date :

2025-05-20T17:22:13.475Z

Last Modified :

2025-05-20T17:53:34.242Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-46724 vulnerability.

Vendors Products
Langroid
  • Langroid
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-46724.

URL Resource
https://github.com/langroid/langroid/commit/0d9e4a7bb3ae2eef8d38f2e970ff916599a2b2a6 cve-icon cve-icon
https://github.com/langroid/langroid/security/advisories/GHSA-jqq5-wc57-f8hj cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact