PyPI: langchain

CVE-2023-32785

Safety vulnerability ID: SFTY-20231021-46511

In Langchain before 0.0.247, prompt injection allows execution of arbitrary code against the SQL service provided by the chain.

PyPI

NVD

GHSA

Created at: Oct 11, 2025Updated at: Oct 11, 2025

Overview

Langchain SQL Injection vulnerability

Advisory

Langchain SQL Injection vulnerability

Affected Package

Affecting langchain package, versions

< 0.0.247

Also affects

---

How to Fix

Upgrade

langchain

0.0.247

or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

https://getsafety.com/vulnerabilities/SFTY-20231021-46511/CVE-2023-32785
https://nvd.nist.gov/vuln/detail/CVE-2023-32785
https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f
https://github.com/langchain-ai/langchain/issues/5923#issuecomment-1696053841
https://github.com/advisories/GHSA-8h5w-f6q9-wg35

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more