All Versions
Vulnerabilities (Public)
Known vulnerabilities and security issues detected in the extension's dependencies and code.
| Vulnerability ID | Advisory | Severity | | | Affected Versions |
|---|---|---|---|---|---|
| CVE-2024-8309 | Langchain SQL Injection vulnerability | Critical | – | – | < 0.2.0 |
| CVE-2024-27444 | langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __built… | Critical | – | – | <0.1.8 |
| CVE-2023-32785 | Langchain SQL Injection vulnerability | Critical | – | – | < 0.0.247 |
| CVE-2026-45134 | langsmith – Deserialization of Untrusted Data | High | – | – | < 0.3.30 |
| CVE-2024-3571 | Affected versions of the langchain package are vulnerable to Path Traversal due to improper limitation of a pathname to a restricted directory in the langchain.storage.file_system.LocalFileStore compo… | High | – | – | <0.0.353 |
| CVE-2024-28088 | Affected versions of the LangChain package are vulnerable to Path Traversal due to improper sanitization of the path parameter in the `load_chain` call. The `load_chain` function allows user input to … | High | – | – | >=0.0.75,<=0.0.340 |
| CVE-2024-0243 | langchain Server-Side Request Forgery vulnerability | High | – | – | < 0.1.0 |
| CVE-2024-2965 | Denial of service in langchain-community | Medium | – | – | >= 0, < 0.2.5 |
| CVE-2024-1455 | Langchains 0.1.14 updates its dependency 'langchain-core' in poetry.lock to version 0.1.37 to include a fix for a XML Entity Expansion vulnerability. | Medium | – | – | >=0,<0.1.14 |
| CVE-2024-21503 | Langchain version 0.1.14 addresses CVE-2024-21503, updating the "black" python linter from version 24.2.0 to 24.3.0. This update remedies a Regex-related denial of service vulnerability present in the… | Medium | – | – | <0.1.14 |
Safety Discovered Vulnerabilities
Additional security issues found by Safety, exclusive to our platform.

