VYPR

Langgraph

by Langchain AI

pypi: langgraph

Source repositories

CVEs (8)

  • CVE-2026-48775 | Med | Jun 16, 2026
    risk 0.44 | cvss 6.8 | epss 0.00

    LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 4.1.0 and prior, the JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. Under conditions where…

  • CVE-2025-64439 | Hig | Nov 7, 2025
    risk 0.41 | cvss | epss 0.01

    LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 2.1.2 and below, the JsonPlusSerializer (used as the default serialization protocol for all checkpointing) contains a Remote Code…

  • CVE-2025-64104 | Hig | Oct 29, 2025
    risk 0.40 | cvss 7.3 | epss 0.00

    LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without…

  • CVE-2025-8709 | Hig | Oct 26, 2025
    risk 0.40 | cvss 7.3 | epss 0.00

    A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators ($eq, $ne,…

  • CVE-2026-28277 | Med | Mar 5, 2026
    risk 0.37 | cvss 6.8 | epss 0.05

    LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during…

  • CVE-2026-27794 | Med | Feb 25, 2026
    risk 0.36 | cvss 6.6 | epss 0.01

    LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from `BaseCache` and opt nodes into caching via…

  • CVE-2026-48776 | Jun 16, 2026
    risk 0.00 | cvss | epss 0.00

    LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request…

  • CVE-2025-67644 | Dec 10, 2025
    risk 0.00 | cvss | epss 0.02

    LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL…