Vendor CVEs
Langchain AI
All CVEs
61 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-46229 | | | 0.00 | — | 0.45 | | Oct 19, 2023 | LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. |
| CVE-2023-44467 | | | 0.00 | — | 0.01 | | Oct 9, 2023 | langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py. |
| CVE-2023-36281 | | | 0.00 | — | 0.03 | | Aug 22, 2023 | An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template. |
| CVE-2023-38860 | | | 0.00 | — | 0.01 | | Aug 15, 2023 | An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. |
| CVE-2023-39659 | | | 0.00 | — | 0.01 | | Aug 15, 2023 | An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. |
| CVE-2023-36188 | | | 0.00 | — | 0.02 | | Jul 6, 2023 | An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. |
| CVE-2023-36189 | | | 0.00 | — | 0.01 | | Jul 6, 2023 | SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. |
| CVE-2023-36258 | | | 0.00 | — | 0.01 | | Jul 3, 2023 | An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used. |
| CVE-2023-34541 | | | 0.00 | — | 0.01 | | Jun 20, 2023 | Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt. |
| CVE-2023-34540 | | | 0.00 | — | 0.02 | | Jun 14, 2023 | Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference,… |
| CVE-2023-29374 | | | 0.00 | — | 0.40 | | Apr 5, 2023 | In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. |
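Several entries above are the same defect at different depths: CVE-2023-36258 is fixed by refusing Python that mentions os.system, exec or eval, and CVE-2023-44467 gets past that by reaching the same capability through __import__. The block below is an added example written for this page, not LangChain's pal_chain/base.py or LLMMathChain code. It reconstructs the shape of such a denylist (simplified; the exact rules LangChain shipped are not on this page), shows why adding __import__ to the list does not close it, and puts beside it the allowlist approach that the arithmetic case (CVE-2023-29374, CVE-2023-36188) actually needs: parse the model's output, accept only numeric literals and arithmetic operators, and never hand the string to exec. All snippets are constructed for the example and are only parsed, never executed.

```python
import ast
import operator

# Shape of a first-generation denylist for model-written Python: forbid importing
# os/subprocess and calls to exec, eval and os.system. Simplified reconstruction
# for this example, not LangChain's pal_chain/base.py.
DENIED_MODULES = {"os", "subprocess"}
DENIED_NAMES_V1 = {"exec", "eval"}
DENIED_NAMES_V2 = DENIED_NAMES_V1 | {"__import__"}  # the obvious follow-up fix


def denylist_allows(code: str, denied_names=DENIED_NAMES_V1) -> bool:
    """Return True when nothing in `code` matches the denylist (i.e. it would be run)."""
    tree = ast.parse(code)
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            if any(alias.name.split(".")[0] in DENIED_MODULES for alias in node.names):
                return False
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in DENIED_MODULES:
                return False
        elif isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id in denied_names:
                return False
            if (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
                    and func.value.id == "os" and func.attr == "system"):
                return False
    return True


# Allowlist alternative for the arithmetic case: only numeric literals and the
# listed operators are evaluated; every other node type is rejected before
# anything runs, so there is no list of bad names to sneak around.
_BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod, ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
MAX_EXPONENT = 1000  # guard against 9 ** 9 ** 9 style CPU/memory exhaustion


def safe_math_eval(expr: str):
    """Evaluate a model-produced arithmetic expression; raise ValueError on anything else."""
    def ev(node):
        if isinstance(node, ast.Expression):
            return ev(node.body)
        if (isinstance(node, ast.Constant) and isinstance(node.value, (int, float))
                and not isinstance(node.value, bool)):
            return node.value
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
            return _UNARY_OPS[type(node.op)](ev(node.operand))
        if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
            left, right = ev(node.left), ev(node.right)
            if isinstance(node.op, ast.Pow) and abs(right) > MAX_EXPONENT:
                raise ValueError("exponent too large")
            return _BIN_OPS[type(node.op)](left, right)
        raise ValueError(f"disallowed syntax: {type(node).__name__}")

    return ev(ast.parse(expr.strip(), mode="eval"))


def is_safe_math(expr: str) -> bool:
    """True when the allowlist evaluator accepts `expr`, False when it rejects it."""
    try:
        safe_math_eval(expr)
    except (ValueError, SyntaxError, ZeroDivisionError):
        return False
    return True


if __name__ == "__main__":
    # Constructed snippets in the shape the CVE texts describe; parsed only.
    v1_bypass = "__import__('os').system('id')"
    v2_bypass = "getattr(__builtins__, '__imp' + 'ort__')('os').system('id')"
    print("v1 denylist would run the __import__ form:", denylist_allows(v1_bypass))
    print("v2 denylist would run the getattr form:   ", denylist_allows(v2_bypass, DENIED_NAMES_V2))
    print("allowlist accepts 2 + 3 * (4 - 1):         ", is_safe_math("2 + 3 * (4 - 1)"))
    print("allowlist accepts the __import__ form:    ", is_safe_math(v1_bypass))
```

The second bypass string is not a LangChain finding; it is the generic point that any name-based denylist over Python is incomplete, because attribute access, string concatenation and getattr give the same object graph under a different spelling. The allowlist evaluator has the opposite property: a new node type is rejected until someone deliberately adds it. For anything richer than arithmetic (PAL-style program execution, PythonAstREPLTool), the only sound option is running the code in an isolated sandbox with no network, no credentials and a resource budget, and treating its output as untrusted.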
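CVE-2023-46229 describes a crawler that starts on an external site and follows links onto an internal server. The scope filter below is an added example written for this page, not LangChain's recursive_url_loader code: before a discovered link is fetched it must share scheme, host and effective port with the seed URL, and a literal non-public IP (private, loopback, link-local, reserved) is refused even when it is the seed itself. The seed URL and link set are constructed for the example. One stated assumption: hostnames are compared as strings and DNS is not resolved here, so a public name that resolves to an internal address is not caught by this check alone; the same policy has to run again at connect time on the resolved address and on every redirect hop.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

SEED_URL = "https://docs.example.com/guide/"  # constructed seed for the example


def is_non_public_literal_ip(host: str) -> bool:
    """True when `host` is an IP literal in a private, loopback, link-local,
    reserved, multicast or unspecified range. Hostnames return False: this does
    not resolve DNS, so a name pointing at 10.0.0.0/8 is not detected here."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def _effective_port(parts) -> int:
    """Port as the client would use it, so https://h/ and https://h:443/ compare equal."""
    port = parts.port  # raises ValueError on a malformed port such as :abc
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    return port


def in_crawl_scope(start_url: str, link: str) -> bool:
    """Decide whether a link found while crawling from `start_url` may be fetched.

    Policy: http/https only, same scheme, same host and effective port as the
    seed, and never a literal non-public IP. `link` may be relative."""
    base = urlsplit(start_url)
    target = urlsplit(urljoin(start_url, link))
    if target.scheme not in ("http", "https") or target.scheme != base.scheme:
        return False
    if not target.hostname or target.hostname != base.hostname:
        return False  # also rejects user@host tricks: hostname is what follows '@'
    try:
        if _effective_port(target) != _effective_port(base):
            return False
    except ValueError:
        return False
    if is_non_public_literal_ip(target.hostname):
        return False
    return True


def filter_links(start_url: str, links):
    """Return only the links that pass in_crawl_scope, preserving order."""
    return [link for link in links if in_crawl_scope(start_url, link)]


if __name__ == "__main__":
    # Constructed link set: what a page on a public docs site might contain if an
    # attacker controls part of its HTML.
    found = [
        "/guide/page2.html",
        "https://DOCS.example.com:443/api/",
        "http://169.254.169.254/latest/meta-data/",
        "https://169.254.169.254/latest/meta-data/",
        "http://127.0.0.1:8000/admin",
        "https://docs.example.com@evil.internal/",
        "https://docs.example.com:8443/admin",
        "file:///etc/passwd",
    ]
    for link in found:
        print(("FOLLOW " if in_crawl_scope(SEED_URL, link) else "SKIP   ") + link)
```

Two details matter in practice. The port comparison is done on effective ports so that the seed host is not silently out of scope when a link spells out :443, while a different port on the same host (an admin interface, say) stays blocked. And the literal-IP check is deliberately applied to the seed as well: if an operator really wants to crawl an intranet host, that should be an explicit opt-in, not the default behaviour of a loader that also accepts arbitrary public URLs.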
Page 2 of 2