VYPR

apk package

wolfi/py3.10-langchain-text-splitters

pkg:apk/wolfi/py3.10-langchain-text-splitters

Vulnerabilities (2)

  • CVE-2026-41481 | Med | Apr 24, 2026
    affected < 1.1.2-r0 | fixed 1.1.2-r0

    LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.split_text_from_url() validated the initial URL using validate_safe_url() but then performed the fetch with requests.get() with redirects en

  • CVE-2025-6985 | Hig | Oct 6, 2025
    affected < 0.3.11-r0 | fixed 0.3.11-r0

    The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse