langroid
PyPI | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting langroid
- CVE-2025-46724 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 0.53.15 | 2025-05-20
vulnerable: 0.1.100 ... 0.9.5 (448 versions)
Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it …
- CVE-2025-46725 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 0.53.15 | 2025-05-20
vulnerable: 0.1.100 ... 0.9.5 (448 versions)
Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `LanceDocChatAgent` uses pandas eval() through `compute_from_docs()`. As a result, an attacker may be able to make the agent…
- CVE-2025-46726 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 0.53.4 | 2025-05-05
vulnerable: 0.1.100 ... 0.9.5 (438 versions)
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, an LLM application leveraging the `XMLToolMessage` class may be exposed to untrusted XML input that could result in DoS and/or exposing loc…
- CVE-2026-25481 | CRITICAL | CVSS 9.6 | EG 9.6 | ✓ Fixed in 0.59.32 | 2026-02-04
vulnerable: 0.1.100 ... 0.9.5 (515 versions)
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandas_eval tool to evaluate the expression. There is a WAF …