langchain
PyPI21 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting langchainpage 1 of 1
- CVE-2023-29374CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.0.1322023-04-05
vulnerable: 0.0.1 ... 0.0.99rc0 (133 versions)
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.
- CVE-2023-32786HIGHCVSS 7.5EG 7.5✓ Fixed in 0.0.3292023-10-20
vulnerable: 0.0.1 ... 0.0.99rc0 (329 versions)
In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.
- CVE-2023-34540CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.0.2252023-06-14
vulnerable: 0.0.1 ... 0.0.99rc0 (226 versions)
Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As…
- CVE-2023-34541CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.0.2472023-06-20
vulnerable: 0.0.1 ... 0.0.99rc0 (250 versions)
Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.
- CVE-2023-36095CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.0.2362023-08-05
vulnerable: 0.0.1 ... 0.0.99rc0 (237 versions)
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
- CVE-2023-36188CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.0.2472023-07-06
vulnerable: 0.0.1 ... 0.0.99rc0 (250 versions)
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
- CVE-2023-36189HIGHCVSS 7.5EG 7.5✓ Fixed in 0.0.2472023-07-06
vulnerable: 0.0.1 ... 0.0.99rc0 (250 versions)
SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.
- CVE-2023-36258CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.0.2472023-07-03
vulnerable: 0.0.1 ... 0.0.99rc0 (250 versions)
An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.
- CVE-2023-36281CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.0.1712023-08-22
vulnerable: 0.0.1 ... 0.0.99rc0 (172 versions)
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template.
- CVE-2023-38860CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.0.2472023-08-15
vulnerable: 0.0.1 ... 0.0.99rc0 (250 versions)
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.
- CVE-2023-38896CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.0.1952023-08-15
vulnerable: 0.0.1 ... 0.0.99rc0 (196 versions)
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.
- CVE-2023-39631CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.0.3082023-09-01
vulnerable: 0.0.1 ... 0.0.307 (309 versions)
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.
- CVE-2023-39659CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.0.2332023-08-15
vulnerable: 0.0.1 ... 0.0.99rc0 (234 versions)
An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.
- CVE-2023-46229HIGHCVSS 8.8EG 8.8✓ Fixed in 0.0.3172023-10-19
vulnerable: 0.0.1 ... v0.0.64 (576 versions)
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.
- CVE-2024-0243HIGHCVSS 8.1EG 8.1✓ Fixed in 0.1.02024-02-26
vulnerable: 0.0.1 ... 0.0.99rc0 (365 versions)
With the following crawler configuration: ```python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader( url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text ) docs = loader.…
- CVE-2024-28088HIGHCVSS 8.1EG 8.1✓ Fixed in 0.1.112024-03-04
vulnerable: 0.0.1 ... 0.1.9 (376 versions)
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/lan…
- CVE-2024-2965MEDIUMCVSS 4.7EG 4.7✓ Fixed in 0.2.52024-06-06
vulnerable: 0.0.1 ... v0.0.64 (715 versions)
A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mecha…
- CVE-2024-3571HIGHCVSS 8.8EG 8.8✓ Fixed in 0.0.3532024-04-16
vulnerable: 0.0.1 ... 0.0.99rc0 (363 versions)
langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write …
- CVE-2024-8309CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.2.02024-10-29
vulnerable: 0.0.1 ... v0.0.64 (943 versions)
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service …
- CVE-2026-45134HIGHCVSS 7.1EG 7.1✓ Fixed in 0.3.302026-05-27
vulnerable: 0.0.1 ... 0.3.9 (440 versions)
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_prompt_commit in Python, pullPrompt / pullPro…
- CVE-2026-55443MEDIUMCVSS 5.5EG 5.5✓ Fixed in 1.3.92026-06-22
vulnerable: 0.0.1 ... 1.3.8 (502 versions)
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended r…
Check whether langchain is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for langchain CVEs against the assets you own.
Start Free Scan →