PyPI: langchain-community

CVE-2024-2965

Safety vulnerability ID: SFTY-20240606-35211

Safety legacy ID: pyup.io-71614

Affected versions of Langchain-community are vulnerable to Denial of service in SitemapLoader Document Loader. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.

PythonPyPINVDNVDGitHubGHSA
Created at: Nov 5, 2025Updated at: Nov 5, 2025

Overview

Denial of service in langchain-community

Advisory

Affected versions of Langchain-community are vulnerable to Denial of service in SitemapLoader Document Loader. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.

Affected Package

Affecting langchain-community package, versions
<0.2.5

Also affects

---

How to Fix

Upgrade
langchain-community
to
0.2.5
or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

Safety

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more