All Versions
Vulnerabilities (Public)
Known vulnerabilities and security issues detected in the extension's dependencies and code.
| Vulnerability ID | Advisory | Severity | Affected Versions |
|---|---|---|---|
| CVE-2025-2828 | Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) due to a lack of proper URL validation in the RequestsToolkit component. The RequestsToolkit fails to enforce res… | Critical | <0.0.28 |
| CVE-2024-8309 | Affected versions of langchain-ai/langchain are vulnerable to SQL injection through GraphCypherQAChain class. This vulnerability allows attackers to manipulate database queries via malicious input in … | Critical | >=0.2.0,<0.2.19 |
| CVE-2025-6984 | Affected versions of the langchain-community package are vulnerable to XML External Entity (XXE) Injection due to the use of `etree.iterparse` without disabling external entity resolution. ([GitHub][1… | High | <0.3.27 |
| CVE-2024-5998 | Affected versions of the langchain package are vulnerable to Deserialization of Untrusted Data due to unsafe pickle deserialization in the FAISS vector store implementation. The FAISS.deserialize_from… | High | <0.2.4 |
| CVE-2024-3095 | A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of affected versions of langchain-ai/langchain. The vulnerability arises because the Web Research Retr… | High | <0.2.9 |
| CVE-2024-2965 | Affected versions of Langchain-community are vulnerable to Denial of service in SitemapLoader Document Loader. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a m… | Medium | <0.2.5 |
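The practical question behind a listing like this is whether a given installed version falls inside any of the affected ranges. The script below is an added example, not code from this page, from Safety, or from the langchain project. It transcribes the six CVE ranges from the table and matches a version string against them with a small, dependency-free comparator; the version-string grammar it accepts (plain dotted numeric releases) and the comma-separated clause syntax are assumptions about this listing's format, not a full PEP 440 implementation.

```python
"""Match an installed version against the affected-version ranges listed above.

Added example; the ADVISORIES table is transcribed from the listing and the
matching logic is a minimal implementation for plain numeric versions.
"""
import re

# CVE -> affected-version specifier, copied from the table above.
ADVISORIES = {
    "CVE-2025-2828": "<0.0.28",
    "CVE-2024-8309": ">=0.2.0,<0.2.19",
    "CVE-2025-6984": "<0.3.27",
    "CVE-2024-5998": "<0.2.4",
    "CVE-2024-3095": "<0.2.9",
    "CVE-2024-2965": "<0.2.5",
}

_OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
}
# One clause: an operator followed by a dotted numeric version.
_CLAUSE = re.compile(r"^(<=|>=|==|!=|<|>)\s*([0-9]+(?:\.[0-9]+)*)$")


def parse_version(text):
    """'0.2.19' -> (0, 2, 19).

    Only plain dotted numeric releases are accepted. Pre-release, dev or
    local suffixes raise instead of being silently compared, so a version
    such as '0.2.19rc1' cannot be misreported as 'not affected'.
    """
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def _pad(a, b):
    """Right-pad the shorter tuple with zeros so '0.2' compares as '0.2.0'."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def is_affected(version, specifier):
    """True if `version` satisfies every comma-separated clause of `specifier`."""
    v = parse_version(version)
    for clause in specifier.split(","):
        match = _CLAUSE.match(clause.strip())
        if not match:
            raise ValueError(f"unsupported clause: {clause!r}")
        op, bound = match.group(1), parse_version(match.group(2))
        a, b = _pad(v, bound)
        if not _OPS[op](a, b):
            return False
    return True


def matching_advisories(version, advisories=ADVISORIES):
    """Sorted CVE IDs whose affected range contains `version`."""
    return sorted(cve for cve, spec in advisories.items() if is_affected(version, spec))


if __name__ == "__main__":
    import sys

    # Constructed example input; pass a real version on the command line.
    installed = sys.argv[1] if len(sys.argv) > 1 else "0.2.10"
    hits = matching_advisories(installed)
    print(f"{installed}: {', '.join(hits) if hits else 'no listed advisories match'}")
```

Two caveats when using this against a real environment. The advisory texts name two different distributions (langchain and langchain-community), and the table does not say which range belongs to which, so the version you feed in must come from the distribution the advisory actually names. For anything beyond plain numeric releases, use `packaging.specifiers.SpecifierSet` from the `packaging` library instead of the hand-rolled comparator; it implements PEP 440 ordering, including pre-releases, which this script deliberately refuses.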
Safety Discovered Vulnerabilities
Additional security issues found by Safety, exclusive to our platform.

