Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-926x-3r5x-gfhw
  • PyPI/langchain-core
LangChain has incomplete f-string validation in prompt templates 6 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-qh6h-p6c9-ff54
  • PyPI/langchain-core
LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions 27 Mar
  • Fix available
  • Severity - 7.5 (High)
GHSA-2g6r-c272-w58r
  • PyPI/langchain-core
LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages 11 Feb
  • Fix available
  • Severity - 3.7 (Low)
GHSA-c67j-w6g6-q2cm
  • PyPI/langchain-core
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs 23 Dec 2025
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-6qv9-48xg-fc7f
  • PyPI/langchain-core
LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates 20 Nov 2025
  • Fix available
  • Severity - 8.3 (High)
GHSA-m42m-m8cr-8m58
  • PyPI/langchain-text-splitters
LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing 06 Oct 2025
  • Fix available
  • Severity - 7.5 (High)
GHSA-pc6w-59fv-rh23
  • PyPI/langchain-community
Langchain Community Vulnerable to XML External Entity (XXE) Attacks 04 Sep 2025
  • Fix available
  • Severity - 7.5 (High)
GHSA-8v8h-4pjx-rg73
  • PyPI/langchain-chatchat
Langchain-Chatchat vulnerable to path traversal 29 Jun 2025
  • No fix available
  • Severity - 2.1 (Low)
GHSA-f823-phmg-x5fr
  • PyPI/langchain-chatchat
Langchain-Chatchat vulnerable to path traversal 29 Jun 2025
  • No fix available
  • Severity - 2.0 (Low)
GHSA-qmgv-j263-qr33
  • PyPI/langchain-chatchat
Langchain-Chatchat has a Path Traversal vulnerability 29 Jun 2025
  • No fix available
  • Severity - 2.1 (Low)
GHSA-h5gc-rm8j-5gpr
  • PyPI/langchain-community
LangChain Community SSRF vulnerability exists in RequestsToolkit component 23 Jun 2025
  • Fix available
  • Severity - 8.4 (High)
PYSEC-2025-70
  • PyPI/langchain-community
  • github.com/langchain-ai/langchain
See record for full details 23 Jun 2025
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-5chr-fjjv-38qv
  • PyPI/langchain-core
langchain-core allows unauthorized users to read arbitrary files from the host file system 20 Mar 2025
  • Fix available
  • Severity - 5.3 (Medium)
PYSEC-2024-115
  • PyPI/langchain
  • PyPI/langchain-community
  • github.com/langchain-ai/langchain
See record for full details 05 Nov 2024
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-45pg-36p6-83v9
  • PyPI/langchain
  • PyPI/langchain-community
Langchain SQL Injection vulnerability 29 Oct 2024
  • Fix available
  • Severity - 2.1 (Low)
GHSA-p2qj-r53j-h3xj
  • PyPI/langchain-experimental
LangChain Experimental Eval Injection vulnerability 19 Sep 2024
  • No fix available
  • Severity - 9.3 (Critical)