VYPR

Langroid

by Langchain AI

pypi: langroid

Source repositories

CVEs (5)

  • CVE-2026-25879CriJun 1, 2026
    risk 0.57cvss 9.8epss 0.00

    Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or…

  • CVE-2026-25481Feb 4, 2026
    risk 0.00cvss epss 0.01

    Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandas_eval tool to evaluate the expression. There is a WAF in langroid/utils/pandas_utils.py…

  • CVE-2025-46725May 20, 2025
    risk 0.00cvss epss 0.00

    Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `LanceDocChatAgent` uses pandas eval() through `compute_from_docs()`. As a result, an attacker may be able to make the agent run malicious commands through…

  • CVE-2025-46724May 20, 2025
    risk 0.00cvss epss 0.01

    Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection.…

  • CVE-2025-46726May 5, 2025
    risk 0.00cvss epss 0.01

    Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging `XMLToolMessage` class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information.…