PyPI: langchain-experimental

CVE-2024-21513

Safety vulnerability ID: SFTY-20240715-04015

Safety legacy ID: pyup.io-72182

Affected versions of langchain-experimental are vulnerable to Arbitrary Code Execution. When retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if they can control the input prompt and the server is configured with VectorSQLDatabaseChain.

PythonPyPINVDNVDGitHubGHSA
Created at: Nov 5, 2025Updated at: Nov 5, 2025

Overview

langchain-experimental vulnerable to Arbitrary Code Execution

Advisory

Affected versions of langchain-experimental are vulnerable to Arbitrary Code Execution. When retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if they can control the input prompt and the server is configured with VectorSQLDatabaseChain.

Affected Package

Affecting langchain-experimental package, versions
>=0.0.15,<0.0.21

Also affects

---

How to Fix

Upgrade
langchain-experimental
to
0.0.21
or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

Safety

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more