| CVE-2026-45134 |
high |
7.1 |
7.1 |
|
|
|
16d ago |
LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_promp… |
| CVE-2024-8309 |
unknown |
— |
— |
|
|
|
2y ago |
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain-community version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data m… |
| CVE-2024-2965 |
unknown |
— |
— |
|
|
|
2y ago |
A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sit… |
| CVE-2024-3571 |
unknown |
— |
— |
|
|
|
2y ago |
langchain vulnerable to path traversal |
| CVE-2024-28088 |
unknown |
— |
— |
|
|
|
2y ago |
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading co… |
| CVE-2024-0243 |
unknown |
— |
— |
|
|
|
2y ago |
With the following crawler configuration:
```python
from bs4 import BeautifulSoup as Soup
url = "https://example.com"
loader = RecursiveUrlLoader(
url=url, max_depth=2, extractor=lambda x: Soup… |
| CVE-2023-32785 |
unknown |
— |
— |
|
|
|
3y ago |
Langchain SQL Injection vulnerability |
| CVE-2023-32786 |
unknown |
— |
— |
|
|
|
3y ago |
Langchain Server-Side Request Forgery vulnerability |
| CVE-2023-46229 |
unknown |
— |
— |
|
|
|
3y ago |
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. |
| CVE-2023-39631 |
unknown |
— |
— |
|
|
|
3y ago |
An issue in LangChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. |
| CVE-2023-36281 |
unknown |
— |
— |
|
|
|
3y ago |
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to the load_prompt parameter. |
| CVE-2023-38860 |
unknown |
— |
— |
|
|
|
3y ago |
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. |
| CVE-2023-38896 |
unknown |
— |
— |
|
|
|
3y ago |
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions. |
| CVE-2023-39659 |
unknown |
— |
— |
|
|
|
3y ago |
An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. |
| CVE-2023-36095 |
unknown |
— |
— |
|
|
|
3y ago |
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_obj… |
| CVE-2023-36189 |
unknown |
— |
— |
|
|
|
3y ago |
SQL injection vulnerability in langchain v.0.0.64 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. |
| CVE-2023-36188 |
unknown |
— |
— |
|
|
|
3y ago |
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. |
| CVE-2023-36258 |
unknown |
— |
— |
|
|
|
3y ago |
An issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method. |
| CVE-2023-34541 |
unknown |
— |
— |
|
|
|
3y ago |
Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt. |
| CVE-2023-34540 |
unknown |
— |
— |
|
|
|
3y ago |
Langchain 0.0.171 is vulnerable to Arbitrary Code Execution. |
| CVE-2023-29374 |
unknown |
— |
— |
|
|
|
3y ago |
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. |