Vulnerabilities

ID
Packages
Summary
Published
Attributes
ECHO-34c7-ca18-1a8c
  • PyPI/langchain-core
See record for full details 2 days ago
  • Fix available
GHSA-926x-3r5x-gfhw
  • PyPI/langchain-core
LangChain has incomplete f-string validation in prompt templates 08 Apr
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-qh6h-p6c9-ff54
  • PyPI/langchain-core
LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions 27 Mar
  • Fix available
  • Severity - 7.5 (High)
GHSA-2g6r-c272-w58r
  • PyPI/langchain-core
LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages 11 Feb
  • Fix available
  • Severity - 3.7 (Low)
GHSA-c67j-w6g6-q2cm
  • PyPI/langchain-core
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs 23 Dec 2025
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-6qv9-48xg-fc7f
  • PyPI/langchain-core
LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates 20 Nov 2025
  • Fix available
  • Severity - 8.3 (High)
GHSA-5chr-fjjv-38qv
  • PyPI/langchain-core
langchain-core allows unauthorized users to read arbitrary files from the host file system 20 Mar 2025
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-q84m-rmw3-4382
  • PyPI/langchain-core
LangChain's XMLOutputParser vulnerable to XML Entity Expansion 26 Mar 2024
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-h59x-p739-982c
  • PyPI/langchain
  • PyPI/langchain-core
LangChain directory traversal vulnerability 04 Mar 2024
  • Fix available
PYSEC-2024-45
  • PyPI/langchain-core
See record for full details 04 Mar 2024
  • Fix available