Langchain
This hub aggregates every CVE we track for Langchain, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
28
CVEs tracked
15
Critical
10
High
0
In CISA KEV
Severity distribution
CRITICAL15HIGH10MEDIUM3
Monthly trend
0
1
3
0
0
0
0
0
0
0
1
0
0
0
0
0
0
1
0
0
1
1
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Langchain.
- CVE-2026-44843LangChain: Unsafe deserialization of attacker-controlled LangChain objects through overly broad `load()` allowlists8.2
- CVE-2026-40087LangChain has incomplete f-string validation in prompt templates5.3
- CVE-2024-58340LangChain <= 0.3.1 MRKLOutputParser ReDoS7.5
- CVE-2025-2828SSRF Vulnerability in RequestsToolkit in langchain-ai/langchain10.0
- CVE-2024-8309SQL Injection in langchain-ai/langchain9.8
- CVE-2024-7042Prompt Injection in langchain-ai/langchainjs Leading to SQL Injection9.8
- CVE-2024-7774Path Traversal in langchain-ai/langchainjs9.1
- CVE-2024-5998Deserialization of Untrusted Data in langchain-ai/langchain7.8
- CVE-2024-3095SSRF in Langchain Web Research Retriever in langchain-ai/langchain7.7
- CVE-2024-3571Path Traversal in langchain-ai/langchain8.8
- CVE-2024-1455Billion Laughs Attack leading to DoS in langchain-ai/langchain5.9
- CVE-2024-28088LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading ...8.1
- CVE-2024-2057LangChain langchain_community TFIDFRetriever tfidf.py load_local server-side request forgery6.3
- CVE-2024-0243Server-side Request Forgery In Recursive URL Loader8.1
- CVE-2023-32786In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into down...7.5
Product normalization is registry-driven with AI assist and human review. How it works