VYPR

npm package

langchain

pkg:npm/langchain

Vulnerabilities (2)

  • CVE-2025-68665Dec 23, 2025
    affected >= 1.0.0, < 1.2.3fixed 1.2.3

    LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON() method (and subsequently when string-ify

  • CVE-2024-7774Oct 29, 2024
    affected < 0.2.19fixed 0.2.19

    A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is expl