| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-64104 | LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore | langchain-ai | langgraph | High | 7.3 | 2025-10-29 18:55:06 | Deep Dive |
| CVE-2025-8709 | SQL Injection in langchain-ai/langchain | langchain-ai | langchain-ai/langchain | Medium | - | 2025-10-26 05:38:55 | Deep Dive |
| CVE-2025-6985 | XXE Vulnerability in langchain-ai/langchain | langchain-ai | langchain-ai/langchain | - | - | 2025-10-06 17:58:29 | Deep Dive |
| CVE-2025-6984 | Sensitive Information Disclosure Due to Insecure XML Parsing in langchain-ai/langchain | langchain-ai | langchain-ai/langchain | High | - | 2025-09-04 08:07:42 | Deep Dive |
| CVE-2025-6855 | chatchat-space Langchain-Chatchat file path traversal | chatchat-space | Langchain-Chatchat | Medium | 5.5 | 2025-06-29 09:00:15 | Deep Dive |
| CVE-2025-6854 | chatchat-space Langchain-Chatchat files path traversal | chatchat-space | Langchain-Chatchat | Medium | 4.3 | 2025-06-29 08:31:05 | Deep Dive |
| CVE-2025-6853 | chatchat-space Langchain-Chatchat Backend upload_temp_docs path traversal | chatchat-space | Langchain-Chatchat | Medium | 6.3 | 2025-06-29 07:31:05 | Deep Dive |
| CVE-2025-2828 | SSRF Vulnerability in RequestsToolkit in langchain-ai/langchain | langchain-ai | langchain-ai/langchain | High | - | 2025-06-23 20:42:29 | Deep Dive |
| CVE-2024-10940 | Exposure of Sensitive System Information via ImagePromptTemplate in langchain-ai/langchain | langchain-ai | langchain-ai/langchain | Medium | - | 2025-03-20 10:08:49 | Deep Dive |
| CVE-2024-8309 | SQL Injection in langchain-ai/langchain | langchain-ai | langchain-ai/langchain | Medium | - | 2024-10-29 12:50:13 | Deep Dive |
| CVE-2024-7042 | Prompt Injection in langchain-ai/langchainjs Leading to SQL Injection | langchain-ai | langchain-ai/langchainjs | - | - | 2024-10-29 12:50:05 | Deep Dive |
| CVE-2024-7774 | Path Traversal in langchain-ai/langchainjs | langchain-ai | langchain-ai/langchainjs | - | - | 2024-10-29 12:49:21 | Deep Dive |
| CVE-2024-5998 | Deserialization of Untrusted Data in langchain-ai/langchain | langchain-ai | langchain-ai/langchain | Medium | - | 2024-09-17 11:50:14 | Deep Dive |
| CVE-2024-21513 | LangChain Security Vulnerability | - | langchain-experimental | High | 8.5 | 2024-07-15 05:00:04 | Deep Dive |
| CVE-2024-2965 | Denial-of-Service in LangChain SitemapLoader in langchain-ai/langchain | langchain-ai | langchain-ai/langchain | - | - | 2024-06-06 18:52:54 | Deep Dive |
| CVE-2024-3095 | SSRF in Langchain Web Research Retriever in langchain-ai/langchain | langchain-ai | langchain-ai/langchain | - | - | 2024-06-06 18:28:56 | Deep Dive |
| CVE-2024-3571 | Path Traversal in langchain-ai/langchain | langchain-ai | langchain-ai/langchain | Medium | - | 2024-04-16 00:00:15 | Deep Dive |
| CVE-2024-1455 | Billion Laughs Attack leading to DoS in langchain-ai/langchain | langchain-ai | langchain-ai/langchain | - | - | 2024-03-26 14:03:47 | Deep Dive |
| CVE-2024-2057 | LangChain langchain_community TFIDFRetriever tfidf.py load_local server-side request forgery | LangChain | langchain_community | Medium | 6.3 | 2024-03-01 11:31:04 | Deep Dive |
| CVE-2024-0243 | Server-side Request Forgery In Recursive URL Loader | langchain-ai | langchain-ai/langchain | Medium | - | 2024-02-24 17:59:26 | Deep Dive |