VYPR
Vendor

Langchain AI

Products
12
CVEs
61
Across products
62
Status
Private

Products

12

Recent CVEs

61
View all 61 CVEs →
  • CVE-2025-46059CriJul 29, 2025
    risk 0.64cvss 9.8epss 0.01

    langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message. NOTE: this is disputed by the…

  • CVE-2026-25879CriJun 1, 2026
    risk 0.57cvss 9.8epss 0.00

    Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or…

  • CVE-2026-30617HigApr 15, 2026
    risk 0.56cvss 8.6epss 0.00

    LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands…

  • CVE-2026-44843HigMay 26, 2026
    risk 0.53cvss 8.2epss 0.00

    LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths…

  • CVE-2025-65106HigNov 21, 2025
    risk 0.47cvss epss 0.00

    LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template…

  • CVE-2026-48775MedJun 16, 2026
    risk 0.44cvss 6.8epss 0.00

    LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 4.1.0 and prior, the JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. Under conditions where…

  • CVE-2026-41481MedApr 24, 2026
    risk 0.42cvss 6.5epss 0.00

    LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.split_text_from_url() validated the initial URL using validate_safe_url() but then performed the fetch with requests.get() with redirects…

  • CVE-2026-34070HigMar 31, 2026
    risk 0.42cvss 7.5epss 0.01

    LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path…

  • CVE-2025-6985HigOct 6, 2025
    risk 0.42cvss 7.5epss 0.01

    The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using…

  • CVE-2025-6984HigSep 4, 2025
    risk 0.42cvss 7.5epss 0.02

    The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The vulnerability arises from the use of etree.iterparse() without disabling external…

  • CVE-2025-64439HigNov 7, 2025
    risk 0.41cvss epss 0.01

    LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 2.1.2 and below, the JsonPlusSerializer (used as the default serialization protocol for all checkpointing) contains a Remote Code…

  • CVE-2025-64104HigOct 29, 2025
    risk 0.40cvss 7.3epss 0.00

    LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without…

  • CVE-2025-8709HigOct 26, 2025
    risk 0.40cvss 7.3epss 0.00

    A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators ($eq, $ne,…

  • CVE-2026-45134HigMay 27, 2026
    risk 0.39cvss 7.1epss 0.00

    LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_prompt_commit in Python, pullPrompt / pullPromptCommit in JS/TS) fetch and…

  • CVE-2026-28277MedMar 5, 2026
    risk 0.37cvss 6.8epss 0.05

    LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during…

  • CVE-2026-27794MedFeb 25, 2026
    risk 0.36cvss 6.6epss 0.01

    LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from `BaseCache` and opt nodes into caching via…

  • CVE-2026-27022MedFeb 20, 2026
    risk 0.36cvss 6.5epss 0.04

    @langchain/langgraph-checkpoint-redis is the Redis checkpoint and store implementation for LangGraph. A query injection vulnerability exists in the @langchain/langgraph-checkpoint-redis package's filter handling. The RedisSaver and ShallowRedisSaver classes construct RediSearch…

  • CVE-2026-40087MedApr 9, 2026
    risk 0.27cvss 5.3epss 0.00

    LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without…

  • CVE-2024-10940MedMar 20, 2025
    risk 0.27cvss 5.3epss 0.00

    A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate's (and by…

  • CVE-2026-41488LowApr 24, 2026
    risk 0.20cvss 3.1epss 0.00

    LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network…