VYPR

apk package

wolfi/py3.13-langchain

pkg:apk/wolfi/py3.13-langchain

Vulnerabilities (5)

  • CVE-2026-44843HigMay 26, 2026
    affected < 1.3.4-r0fixed 1.3.4-r0

    LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths m

  • CVE-2026-40087MedApr 9, 2026
    affected < 1.3.0-r0fixed 1.3.0-r0

    LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforc

  • CVE-2026-34070HigMar 31, 2026
    affected < 0fixed 0

    LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path inj

  • CVE-2026-26013Feb 10, 2026
    affected < 0fixed 0

    LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitrary image_url values without validation when computing token counts for vision-enabled models. This allows attackers to t

  • CVE-2025-68664Dec 23, 2025
    affected < 1.2.6-r0fixed 1.2.6-r0

    LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing fre