VYPR

apk package

chainguard/py3.11-langchain

pkg:apk/chainguard/py3.11-langchain

Vulnerabilities (4)

  • CVE-2026-44843HigMay 26, 2026
    affected < 1.3.4-r0fixed 1.3.4-r0

    LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths m

  • CVE-2026-40087MedApr 9, 2026
    affected < 1.3.0-r0fixed 1.3.0-r0

    LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforc

  • CVE-2026-34070HigMar 31, 2026
    affected < 0fixed 0

    LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path inj

  • CVE-2025-68664Dec 23, 2025
    affected < 1.2.6-r0fixed 1.2.6-r0

    LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing fre