OSV - Open Source Vulnerabilities

MAL-2026-2310

PyPI/lakeflow-community-connectors

Malicious code in lakeflow-community-connectors (PyPI)

31 Mar

No fix available

GHSA-pc6w-59fv-rh23

PyPI/langchain-community

Langchain Community Vulnerable to XML External Entity (XXE) Attacks

04 Sep 2025

Fix available
Severity - 7.5 (High)

GHSA-h5gc-rm8j-5gpr

PyPI/langchain-community

LangChain Community SSRF vulnerability exists in RequestsToolkit component

23 Jun 2025

Fix available
Severity - 8.4 (High)

PYSEC-2025-70

PyPI/langchain-community
github.com/langchain-ai/langchain

See record for full details

23 Jun 2025

Fix available
Severity - 10.0 (Critical)

PYSEC-2024-115

PyPI/langchain
PyPI/langchain-community
github.com/langchain-ai/langchain

See record for full details

05 Nov 2024

Fix available
Severity - 9.8 (Critical)

GHSA-45pg-36p6-83v9

PyPI/langchain
PyPI/langchain-community

Langchain SQL Injection vulnerability

29 Oct 2024

Fix available
Severity - 2.1 (Low)

GHSA-f2jm-rw3h-6phg

PyPI/langchain-community

LangChain pickle deserialization of untrusted data

17 Sep 2024

Fix available
Severity - 8.4 (High)

GHSA-3hjh-jh2h-vrg6

PyPI/langchain
PyPI/langchain-community

Denial of service in langchain-community

06 Jun 2024

Fix available
Severity - 4.2 (Medium)

GHSA-q25c-c977-4cmh

PyPI/langchain-community

Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever

06 Jun 2024

Fix available
Severity - 4.8 (Medium)

PYSEC-2024-278

PyPI/langchain-community

See record for full details

01 Mar 2024

No fix available
Severity - 9.8 (Critical)