Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
PYSEC-2026-2582
  • PyPI/langsmith
LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning 6 days ago
  • Fix available
  • Severity - 7.1 (High)
PYSEC-2026-2583
  • PyPI/langsmith
LangSmith SDK: Streaming token events bypass output redaction 6 days ago
  • Fix available
  • Severity - 5.3 (Medium)
PYSEC-2026-2584
  • PyPI/langsmith
LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection 6 days ago
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-f4xh-w4cj-qxq8
  • PyPI/langsmith
LangSmith SDK TracingMiddleware: Arbitrary server-side file read 19 Jun
  • Fix available
  • Severity - 7.7 (High)
GHSA-3644-q5cj-c5c7
  • PyPI/langchain
  • PyPI/langchain-classic
  • PyPI/langsmith
  • npm/langsmith
LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning 13 May
  • Fix available
  • Severity - 7.1 (High)
GHSA-rr7j-v2q5-chgv
  • PyPI/langsmith
  • npm/langsmith
LangSmith SDK: Streaming token events bypass output redaction 16 Apr
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-v34v-rq6j-cj6p
  • PyPI/langsmith
  • npm/langsmith
LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection 09 Feb
  • Fix available
  • Severity - 5.8 (Medium)