VYPR

apk package

chainguard/py3-supported-langchain-text-splitters

pkg:apk/chainguard/py3-supported-langchain-text-splitters

Vulnerabilities (1)

  • CVE-2025-6985 | High | Oct 6, 2025
    affected < 0.3.11-r0, fixed 0.3.11-r0

    The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse