langchain
AI / MLoss-project
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting langchain.
- CVE-2026-48776LangGraph SDK has unsafe URL path construction4.2
- CVE-2026-48775LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading6.8
- CVE-2026-44843LangChain: Unsafe deserialization of attacker-controlled LangChain objects through overly broad `load()` allowlists8.2
- CVE-2026-41488angchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding3.1
- CVE-2026-41481LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass6.5
- CVE-2026-40087LangChain has incomplete f-string validation in prompt templates5.3
- CVE-2024-58340LangChain <= 0.3.1 MRKLOutputParser ReDoS7.5
- CVE-2025-2828SSRF Vulnerability in RequestsToolkit in langchain-ai/langchain10.0
- CVE-2024-8309SQL Injection in langchain-ai/langchain9.8
- CVE-2024-7042Prompt Injection in langchain-ai/langchainjs Leading to SQL Injection9.8
- CVE-2024-7774Path Traversal in langchain-ai/langchainjs9.1
- CVE-2024-5998Deserialization of Untrusted Data in langchain-ai/langchain7.8
- CVE-2024-21513Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval...8.5
- CVE-2024-38459langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024...7.8
- CVE-2024-3095SSRF in Langchain Web Research Retriever in langchain-ai/langchain7.7