VYPR

PyPI package

langsmith

pkg:pypi/langsmith

Vulnerabilities (3)

  • CVE-2026-45134HigMay 27, 2026
    affected < 0.8.0fixed 0.8.0

    LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_prompt_commit in Python, pullPrompt / pullPromptCommit in JS/TS) fetch and deserialize

  • CVE-2026-41182MedApr 23, 2026
    affected < 0.7.31fixed 0.7.31

    LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to streaming

  • CVE-2026-25528MedFeb 9, 2026
    affected >= 0.4.10, < 0.6.3fixed 0.6.3

    LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. The LangSmith SDK's distributed tracing feature is vulnerable to Server-Side Request Forgery via malicious HTTP headers. An attacker can inject arbitrary api_url values through the baggage header, ca