Vulnerabilities (Public)
Known vulnerabilities and security issues detected in the extension's dependencies and code.
| Vulnerability ID | Advisory | Severity | | | Affected Versions |
|---|---|---|---|---|---|
| CVE-2025-68664 | Affected versions of the langchain-core package are vulnerable to Deserialization of Untrusted Data due to improper escaping of user-controlled dictionaries containing the internal 'lc' serialization … | Critical | – | – | >=1.0.0,<1.2.5 <0.3.81 |
| CVE-2026-44843 | Affected versions of the langchain-core package are vulnerable to Unsafe Deserialisation due to runtime code paths that call load() with allowed_objects="all", permitting any trusted LangChain-seriali… | High | – | – | >=1.0.0,<=1.3.2 |
| CVE-2026-34070 | Affected versions of the langchain-core package are vulnerable to Path Traversal due to improper validation of file paths embedded in deserialized prompt configuration dictionaries. The load_prompt() … | High | – | – | <1.2.22 |
| CVE-2025-65106 | Affected versions of the langchain-core package are vulnerable to Template Injection due to improper neutralization of attribute access and indexing expressions in prompt templates constructed from un… | High | – | – | >=1.0.0,<=1.0.6 <=0.3.79 |
| CVE-2024-28088 | Affected versions of the LangChain package are vulnerable to Path Traversal due to improper sanitization of the path parameter in the `load_chain` call. The `load_chain` function allows user input to … | High | – | – | <0.1.30 |
| CVE-2024-0243 | Affected versions of the `langchain` package are vulnerable to Server-Side Request Forgery (SSRF) due to inadequate handling of external URLs in `recursive_url_loader.py`. The vulnerability exists bec… | High | – | – | >=0.0.13rc1,<0.1.7 |
| SFTY-20260408-37813 | LangChain has incomplete f-string validation in prompt templates | Medium | – | – | < 0.3.83 >= 1.0.0a1, < 1.2.28 |
| CVE-2024-10940 | A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the… | Medium | – | – | >=0.1.17,<0.1.53 >=0.2.0,<0.2.43 >=0.3.0,<0.3.15 |
| CVE-2024-1455 | Affected versions of the langchain package are vulnerable to XML External Entity (XXE) Injection due to unrestricted XML entity expansion in the langchain_core.output_parsers.xml.XMLOutputParser compo… | Medium | – | – | <0.1.35 |
| CVE-2026-26013 | Affected versions of the langchain-core package are vulnerable to Server-Side Request Forgery (SSRF) due to fetching user-supplied image_url values during token counting without URL validation. In Cha… | Low | – | – | <1.2.11 |