Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
PYSEC-2026-2575
  • PyPI/langgraph-sdk
LangGraph SDK has unsafe URL path construction 5 days ago
  • Fix available
  • Severity - 4.2 (Medium)
PYSEC-2026-2573
  • PyPI/langgraph-checkpoint
LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading 5 days ago
  • Fix available
  • Severity - 6.8 (Medium)
PYSEC-2026-2574
  • PyPI/langgraph-checkpoint
LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution 5 days ago
  • Fix available
  • Severity - 6.6 (Medium)
PYSEC-2026-1530
  • PyPI/langgraph-checkpoint-sqlite
LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method 07 Jul
  • Fix available
  • Severity - 7.3 (High)
PYSEC-2026-1527
  • PyPI/langgraph-checkpoint
LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer 07 Jul
  • Fix available
  • Severity - 7.4 (High)
PYSEC-2026-1529
  • PyPI/langgraph-checkpoint-sqlite
LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore 07 Jul
  • Fix available
  • Severity - 7.3 (High)
PYSEC-2026-1528
  • PyPI/langgraph-checkpoint-sqlite
LangGraph's SQLite store implementation has a SQL Injection Vulnerability 07 Jul
  • Fix available
  • Severity - 7.3 (High)
GHSA-w39p-vh2g-g8g5
  • PyPI/langgraph-sdk
LangGraph SDK has unsafe URL path construction 25 Jun
  • Fix available
  • Severity - 4.2 (Medium)
GHSA-fjqc-hq36-qh5p
  • PyPI/langgraph-checkpoint
LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading 25 Jun
  • Fix available
  • Severity - 6.8 (Medium)
PYSEC-2026-2194
  • PyPI/langgraph
See record for full details 17 Jun
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-g48c-2wqr-h844
  • PyPI/langgraph
LangGraph checkpoint loading has unsafe msgpack deserialization 05 Mar
  • Fix available
  • Severity - 6.8 (Medium)
PYSEC-2026-83
  • PyPI/langgraph
See record for full details 05 Mar
  • Fix available
  • Severity - 7.2 (High)
GHSA-mhr3-j7m5-c7c9
  • PyPI/langgraph-checkpoint
LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution 25 Feb
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-9rwj-6rc7-p77c
  • PyPI/langgraph-checkpoint-sqlite
LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method 10 Dec 2025
  • Fix available
  • Severity - 7.3 (High)
GHSA-wwqv-p2pp-99h5
  • PyPI/langgraph-checkpoint
LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer 05 Nov 2025
  • Fix available
  • Severity - 7.4 (High)
GHSA-7p73-8jqx-23r8
  • PyPI/langgraph-checkpoint-sqlite
LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore 29 Oct 2025
  • Fix available
  • Severity - 7.3 (High)