VYPR

Langchainjs

by Langchain AI

Source repositories

CVEs (4)

  • CVE-2026-26019Feb 11, 2026
    risk 0.00cvss epss 0.00

    LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting URL. Its preventOutside option (enabled by default) is intended to restrict…

  • CVE-2025-68665Dec 23, 2025
    risk 0.00cvss epss 0.01

    LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON() method (and subsequently when…

  • CVE-2024-7042Oct 29, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service…

  • CVE-2024-7774Oct 29, 2024
    risk 0.00cvss epss 0.01

    A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is…