Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
|---|---|---|---|---|
| GHSA-3644-q5cj-c5c7 | PyPI/langchain, PyPI/langchain-classic, PyPI/langsmith, npm/langsmith | LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning | 13 May | Fix available; Severity 7.1 (High) |
| GHSA-pjwx-r37v-7724 | PyPI/langchain-core | LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists | 08 May | Fix available; Severity 8.2 (High) |
| GHSA-jv4p-mhmp-69vw | PyPI/langchain-chatchat | Langchain-Chatchat Uses Insufficiently Random Values | 05 May | No fix available; Severity 1.2 (Low) |
| GHSA-wmvv-fhm6-w34x | PyPI/langchain-chatchat | Langchain-Chatchat Uses a Broken or Risky Cryptographic Algorithm | 05 May | No fix available; Severity 1.2 (Low) |
| GHSA-x229-w2j4-h748 | PyPI/langchain-chatchat | Langchain-Chatchat has a Race Condition in its OpenAI-Compatible File Upload API | 05 May | No fix available; Severity 1.2 (Low) |
| PYSEC-2026-76 | PyPI/langchain-openai | See record for full details | 24 Apr | Fix available; Severity 3.1 (Low) |
| PYSEC-2026-77 | PyPI/langchain-text-splitters | See record for full details | 24 Apr | Fix available; Severity 6.5 (Medium) |
| GHSA-r7w7-9xr2-qq2r | PyPI/langchain-openai | langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding | 16 Apr | Fix available; Severity 3.1 (Low) |
| GHSA-fv5p-p927-qmxr | PyPI/langchain-text-splitters | LangChain Text Splitters: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass | 16 Apr | Fix available; Severity 6.5 (Medium) |
| GHSA-926x-3r5x-gfhw | PyPI/langchain-core | LangChain has incomplete f-string validation in prompt templates | 08 Apr | Fix available; Severity 5.3 (Medium) |
| GHSA-qh6h-p6c9-ff54 | PyPI/langchain-core | LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions | 27 Mar | Fix available; Severity 7.5 (High) |
| GHSA-2g6r-c272-w58r | PyPI/langchain-core | LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages | 11 Feb | Fix available; Severity 3.7 (Low) |
| PYSEC-2026-75 | PyPI/langchain-exa | See record for full details | 12 Jan | Fix available; Severity 7.5 (High) |
| GHSA-c67j-w6g6-q2cm | PyPI/langchain-core | LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs | 23 Dec 2025 | Fix available; Severity 9.3 (Critical) |
| GHSA-6qv9-48xg-fc7f | PyPI/langchain-core | LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates | 20 Nov 2025 | Fix available; Severity 8.3 (High) |
| GHSA-m42m-m8cr-8m58 | PyPI/langchain-text-splitters | LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing | 06 Oct 2025 | Fix available; Severity 7.5 (High) |