langchain-ai — Vulnerabilities & Security Advisories 34

Browse all 34 CVE security advisories affecting langchain-ai. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41488 | langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding — langchain-openai (CWE-918) | 3.1 | Low | 2026-04-24 |
| CVE-2026-41481 | LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass — langchain-text-splitters (CWE-918) | 6.5 | Medium | 2026-04-24 |
| CVE-2026-41182 | LangSmith SDK: Streaming token events bypass output redaction — langsmith-sdk (CWE-200) | 5.3 | Medium | 2026-04-23 |
| CVE-2026-40190 | LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()` — langsmith-sdk (CWE-1321) | 5.6 | Medium | 2026-04-10 |
| CVE-2026-40087 | LangChain has incomplete f-string validation in prompt templates — langchain (CWE-1336) | 5.3 | Medium | 2026-04-09 |
| CVE-2026-34070 | LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions — langchain (CWE-22) | 7.5 | High | 2026-03-31 |
| CVE-2026-28277 | LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading — langgraph (CWE-502) | 6.8 | Medium | 2026-03-05 |
| CVE-2026-25750 | LangSmith Studio has URL Parameter Injection Vulnerability that Enables Token Theft via Malicious baseUrl — helm (CWE-74) | 8.9 (AI) | High (AI) | 2026-03-04 |
| CVE-2026-27795 | LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader — langchainjs (CWE-918) | 4.1 | Medium | 2026-02-25 |
| CVE-2026-27794 | LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution — langgraph-checkpoint (CWE-502) | 6.6 | Medium | 2026-02-25 |
| CVE-2026-27022 | RediSearch Query Injection in @langchain/langgraph-checkpoint-redis — langgraphjs (CWE-74) | 6.5 | Medium | 2026-02-20 |
| CVE-2026-26019 | @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation — langchainjs (CWE-918) | 4.1 | Medium | 2026-02-11 |
| CVE-2026-26013 | LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages — langchain (CWE-918) | 3.7 | Low | 2026-02-10 |
| CVE-2026-25528 | LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection — langsmith-sdk (CWE-918) | 5.8 | Medium | 2026-02-09 |
| CVE-2025-68665 | LangChain serialization injection vulnerability enables secret extraction — langchainjs (CWE-502) | 8.6 | High | 2025-12-23 |
| CVE-2025-68664 | LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs — langchain (CWE-502) | 9.3 | Critical | 2025-12-23 |
| CVE-2025-67644 | LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method — langgraph (CWE-89) | 7.3 | High | 2025-12-10 |
| CVE-2025-65106 | LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates — langchain (CWE-1336) | 8.8 | - | 2025-11-21 |
| CVE-2025-64439 | LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer — langgraph (CWE-502) | 8.8 | - | 2025-11-07 |
| CVE-2025-64104 | LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore — langgraph (CWE-89) | 7.3 | High | 2025-10-29 |
| CVE-2025-8709 | SQL Injection in langchain-ai/langchain — langchain-ai/langchain (CWE-89) | 9.8 | - | 2025-10-26 |
| CVE-2025-6985 | XXE Vulnerability in langchain-ai/langchain — langchain-ai/langchain (CWE-611) | 7.5 (AI) | High (AI) | 2025-10-06 |
| CVE-2025-6984 | Sensitive Information Disclosure Due to Insecure XML Parsing in langchain-ai/langchain — langchain-ai/langchain (CWE-200) | 7.5 | - | 2025-09-04 |
| CVE-2025-2828 | SSRF Vulnerability in RequestsToolkit in langchain-ai/langchain — langchain-ai/langchain (CWE-918) | 7.5 | - | 2025-06-23 |
| CVE-2024-10940 | Exposure of Sensitive System Information via ImagePromptTemplate in langchain-ai/langchain — langchain-ai/langchain (CWE-497) | 7.5 | - | 2025-03-20 |
| CVE-2024-8309 | SQL Injection in langchain-ai/langchain — langchain-ai/langchain (CWE-89) | 9.8 | - | 2024-10-29 |
| CVE-2024-7042 | Prompt Injection in langchain-ai/langchainjs Leading to SQL Injection — langchain-ai/langchainjs (CWE-89) | 9.8 (AI) | Critical (AI) | 2024-10-29 |
| CVE-2024-7774 | Path Traversal in langchain-ai/langchainjs — langchain-ai/langchainjs (CWE-29) | 9.8 (AI) | Critical (AI) | 2024-10-29 |
| CVE-2024-5998 | Deserialization of Untrusted Data in langchain-ai/langchain — langchain-ai/langchain (CWE-502) | 9.8 | - | 2024-09-17 |
| CVE-2024-2965 | Denial-of-Service in LangChain SitemapLoader in langchain-ai/langchain — langchain-ai/langchain (CWE-674) | 7.5 (AI) | High (AI) | 2024-06-06 |

This page lists every published CVE security advisory associated with langchain-ai. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.