VYPR

npm package

@langchain/community

pkg:npm/%40langchain/community

Vulnerabilities (3)

  • CVE-2026-27795MedFeb 25, 2026
    affected < 1.1.18fixed 1.1.18

    LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/community`. The loader validates the initial URL but allows the underlying fetch to fol

  • CVE-2026-26019Feb 11, 2026
    affected < 1.1.14fixed 1.1.14

    LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting URL. Its preventOutside option (enabled by default) is intended to restrict crawli

  • CVE-2024-7042Oct 29, 2024
    affected < 0.3.3fixed 0.3.3

    A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS)