All Versions
Vulnerabilities (Public)
Known vulnerabilities and security issues detected in the extension's dependencies and code.
| Vulnerability ID | Advisory | Severity | | | Affected Versions |
|---|---|---|---|---|---|
| CVE-2024-46946 | A vulnerability exists in langchain_experimental affected versions where the LLMSymbolicMathChain was introduced because it passes untrusted input directly to sympy.sympify, which uses eval() internal… | Critical | – | – | >=0.1.17,<0.3.1 |
| CVE-2024-27444 | Langchain-experimental (aka LangChain Experimental) allows attackers to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getatt… | Critical | – | – | <0.0.52 |
| CVE-2023-44467 | Langchain_experimental allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method. | Critical | – | – | <0.0.24 |
| CVE-2024-21513 | Affected versions of langchain-experimental are vulnerable to Arbitrary Code Execution. When retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can ex… | High | – | – | >=0.0.15,<0.0.21 |
| CVE-2024-38459 | Langchain-experimental (aka LangChain Experimental) before 0.0.61 provides Python REPL access without an opt-in step. NOTE: This issue exists because of an incomplete fix for CVE-2024-27444. | High | – | – | <0.0.61 |
Safety Discovered Vulnerabilities
Additional security issues found by Safety, exclusive to our platform.

