PyPI: langfuse

CVE-2023-48309

Safety vulnerability ID: SFTY-20231120-87171

Safety legacy ID: pyup.io-74718

Langfuse 2.93.5 upgrades the next-auth dependency from ^4.24.7 to ^4.24.11 to fix a security vulnerability identified as CVE-2023-48309.

PythonPyPINVDNVD
Created at: Nov 5, 2025Updated at: Nov 5, 2025

Overview

Langfuse 2.93.5 upgrades the next-auth dependency from ^4.24.7 to ^4.24.11 to fix a security vulnerability identified as CVE-2023-48309.

Advisory

Langfuse 2.93.5 upgrades the next-auth dependency from ^4.24.7 to ^4.24.11 to fix a security vulnerability identified as CVE-2023-48309.

Affected Package

Affecting langfuse package, versions
<2.93.5

Also affects

---

How to Fix

Upgrade
langfuse
to
3.0.0a4
or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

Safety

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more