VYPR

Langchain Community

by Langchain AI

Source repositories

CVEs (3)

  • CVE-2025-6984 | High | Sep 4, 2025
    risk 0.42 | cvss 7.5 | epss 0.02

    The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The vulnerability arises from the use of etree.iterparse() without disabling external…

  • CVE-2026-27795 | Medium | Feb 25, 2026
    risk 0.20 | cvss 4.1 | epss 0.00

    LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/community`. The loader validates the initial URL but allows the underlying fetch to…

  • CVE-2024-2057 | Mar 1, 2024
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side…