Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/langchain@0.0.59
Typepypi
Namespace
Namelangchain
Version0.0.59
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.3.1
Latest_non_vulnerable_version0.3.30
Affected_by_vulnerabilities
0
url VCID-23um-cqks-tkc5
vulnerability_id VCID-23um-cqks-tkc5
summary A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain-community version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8309.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8309.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8309
reference_id
reference_type
scores
0
value 0.02002
scoring_system epss
scoring_elements 0.8401
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8309
2
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
3
reference_url https://github.com/langchain-ai/langchain/commit/64c317eba05fbac0c6a6fc5aa192bc0d7130972e
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/64c317eba05fbac0c6a6fc5aa192bc0d7130972e
4
reference_url https://github.com/langchain-ai/langchain/commit/c2a3021bb0c5f54649d380b42a0684ca5778c255
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-29T13:50:16Z/
url https://github.com/langchain-ai/langchain/commit/c2a3021bb0c5f54649d380b42a0684ca5778c255
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-115.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-115.yaml
6
reference_url https://huntr.com/bounties/8f4ad910-7fdc-4089-8f0a-b5df5f32e7c5
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-29T13:50:16Z/
url https://huntr.com/bounties/8f4ad910-7fdc-4089-8f0a-b5df5f32e7c5
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2322452
reference_id 2322452
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2322452
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8309
reference_id CVE-2024-8309
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8309
9
reference_url https://github.com/advisories/GHSA-45pg-36p6-83v9
reference_id GHSA-45pg-36p6-83v9
reference_type
scores
url https://github.com/advisories/GHSA-45pg-36p6-83v9
fixed_packages
0
url pkg:pypi/langchain@0.2.0
purl pkg:pypi/langchain@0.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-964p-24u8-yucb
1
vulnerability VCID-fdk5-mhqa-mqgw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.2.0
aliases CVE-2024-8309, GHSA-45pg-36p6-83v9, PYSEC-2024-115
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23um-cqks-tkc5
1
url VCID-2cuv-kudj-c3cg
vulnerability_id VCID-2cuv-kudj-c3cg
summary An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39659
reference_id
reference_type
scores
0
value 0.01594
scoring_system epss
scoring_elements 0.82042
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39659
1
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
2
reference_url https://github.com/langchain-ai/langchain/commit/cadfce295f8a33828fc635c2e5ea28b883e5c992
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/cadfce295f8a33828fc635c2e5ea28b883e5c992
3
reference_url https://github.com/langchain-ai/langchain/issues/7700
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-08T20:27:51Z/
url https://github.com/langchain-ai/langchain/issues/7700
4
reference_url https://github.com/langchain-ai/langchain/pull/12427
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/12427
5
reference_url https://github.com/langchain-ai/langchain/pull/5640
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-08T20:27:51Z/
url https://github.com/langchain-ai/langchain/pull/5640
6
reference_url https://github.com/langchain-ai/langchain/releases/tag/v0.0.325
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/releases/tag/v0.0.325
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-147.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-147.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39659
reference_id CVE-2023-39659
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39659
9
reference_url https://github.com/advisories/GHSA-prgp-w7vf-ch62
reference_id GHSA-prgp-w7vf-ch62
reference_type
scores
url https://github.com/advisories/GHSA-prgp-w7vf-ch62
fixed_packages
0
url pkg:pypi/langchain@0.0.233
purl pkg:pypi/langchain@0.0.233
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-2cyy-g843-9qec
2
vulnerability VCID-52vp-m7t5-hqas
3
vulnerability VCID-5977-kuku-ebek
4
vulnerability VCID-964p-24u8-yucb
5
vulnerability VCID-a2h3-qgax-qbdr
6
vulnerability VCID-ayhd-z87z-jkbq
7
vulnerability VCID-ctus-n9fc-gqhu
8
vulnerability VCID-exkd-sryf-e3ad
9
vulnerability VCID-fdk5-mhqa-mqgw
10
vulnerability VCID-m5uw-4tqc-3ub8
11
vulnerability VCID-mrfe-fcyn-1qg8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.233
1
url pkg:pypi/langchain@0.0.325
purl pkg:pypi/langchain@0.0.325
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-964p-24u8-yucb
2
vulnerability VCID-fdk5-mhqa-mqgw
3
vulnerability VCID-m5uw-4tqc-3ub8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.325
aliases CVE-2023-39659, GHSA-prgp-w7vf-ch62, PYSEC-2023-147
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2cuv-kudj-c3cg
2
url VCID-2cyy-g843-9qec
vulnerability_id VCID-2cyy-g843-9qec
summary Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34541
reference_id
reference_type
scores
0
value 0.00166
scoring_system epss
scoring_elements 0.37398
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34541
1
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
2
reference_url https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
3
reference_url https://github.com/langchain-ai/langchain/issues/4849
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/issues/4849
4
reference_url https://github.com/langchain-ai/langchain/issues/4849#issuecomment-1697896569
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/issues/4849#issuecomment-1697896569
5
reference_url https://github.com/langchain-ai/langchain/pull/8425
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/8425
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-92.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-92.yaml
7
reference_url https://github.com/hwchase17/langchain/issues/4849
reference_id 4849
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-12-09T21:10:29Z/
url https://github.com/hwchase17/langchain/issues/4849
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34541
reference_id CVE-2023-34541
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34541
9
reference_url https://github.com/advisories/GHSA-6643-h7h5-x9wh
reference_id GHSA-6643-h7h5-x9wh
reference_type
scores
url https://github.com/advisories/GHSA-6643-h7h5-x9wh
fixed_packages
0
url pkg:pypi/langchain@0.0.247
purl pkg:pypi/langchain@0.0.247
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-52vp-m7t5-hqas
2
vulnerability VCID-964p-24u8-yucb
3
vulnerability VCID-fdk5-mhqa-mqgw
4
vulnerability VCID-m5uw-4tqc-3ub8
5
vulnerability VCID-mrfe-fcyn-1qg8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.247
aliases CVE-2023-34541, GHSA-6643-h7h5-x9wh, PYSEC-2023-92
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2cyy-g843-9qec
3
url VCID-3ve9-cev3-a7g5
vulnerability_id VCID-3ve9-cev3-a7g5
summary In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29374
reference_id
reference_type
scores
0
value 0.03769
scoring_system epss
scoring_elements 0.88269
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29374
1
reference_url https://github.com/hwchase17/langchain/issues/1026
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-12T16:14:23Z/
url https://github.com/hwchase17/langchain/issues/1026
2
reference_url https://github.com/hwchase17/langchain/issues/814
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-12T16:14:23Z/
url https://github.com/hwchase17/langchain/issues/814
3
reference_url https://github.com/hwchase17/langchain/pull/1119
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-12T16:14:23Z/
url https://github.com/hwchase17/langchain/pull/1119
4
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-18.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-18.yaml
6
reference_url https://twitter.com/rharang/status/1641899743608463365/photo/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-12T16:14:23Z/
url https://twitter.com/rharang/status/1641899743608463365/photo/1
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29374
reference_id CVE-2023-29374
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29374
8
reference_url https://github.com/advisories/GHSA-fprp-p869-w6q2
reference_id GHSA-fprp-p869-w6q2
reference_type
scores
url https://github.com/advisories/GHSA-fprp-p869-w6q2
fixed_packages
0
url pkg:pypi/langchain@0.0.132
purl pkg:pypi/langchain@0.0.132
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-2cuv-kudj-c3cg
2
vulnerability VCID-2cyy-g843-9qec
3
vulnerability VCID-52vp-m7t5-hqas
4
vulnerability VCID-5977-kuku-ebek
5
vulnerability VCID-964p-24u8-yucb
6
vulnerability VCID-9d9u-r5kk-6fa4
7
vulnerability VCID-a2h3-qgax-qbdr
8
vulnerability VCID-ayhd-z87z-jkbq
9
vulnerability VCID-ctus-n9fc-gqhu
10
vulnerability VCID-dv6m-m6rf-4qa9
11
vulnerability VCID-exkd-sryf-e3ad
12
vulnerability VCID-fdk5-mhqa-mqgw
13
vulnerability VCID-j2kj-2axx-rqgr
14
vulnerability VCID-m5uw-4tqc-3ub8
15
vulnerability VCID-mrfe-fcyn-1qg8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.132
aliases CVE-2023-29374, GHSA-fprp-p869-w6q2, PYSEC-2023-18
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ve9-cev3-a7g5
4
url VCID-52vp-m7t5-hqas
vulnerability_id VCID-52vp-m7t5-hqas
summary An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39631
reference_id
reference_type
scores
0
value 0.01754
scoring_system epss
scoring_elements 0.8295
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39631
1
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
2
reference_url https://github.com/langchain-ai/langchain/issues/8363
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-01T13:18:27Z/
url https://github.com/langchain-ai/langchain/issues/8363
3
reference_url https://github.com/langchain-ai/langchain/pull/11302
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/11302
4
reference_url https://github.com/langchain-ai/langchain/releases/tag/v0.0.308
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/releases/tag/v0.0.308
5
reference_url https://github.com/pydata/numexpr/commit/4b2d89cf14e75030d27629925b9998e1e91d23c7
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pydata/numexpr/commit/4b2d89cf14e75030d27629925b9998e1e91d23c7
6
reference_url https://github.com/pydata/numexpr/issues/442
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-01T13:18:27Z/
url https://github.com/pydata/numexpr/issues/442
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-162.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-162.yaml
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/numexpr/PYSEC-2023-163.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/numexpr/PYSEC-2023-163.yaml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39631
reference_id CVE-2023-39631
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39631
10
reference_url https://github.com/advisories/GHSA-f73w-4m7g-ch9x
reference_id GHSA-f73w-4m7g-ch9x
reference_type
scores
url https://github.com/advisories/GHSA-f73w-4m7g-ch9x
fixed_packages
0
url pkg:pypi/langchain@0.0.308
purl pkg:pypi/langchain@0.0.308
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-964p-24u8-yucb
2
vulnerability VCID-fdk5-mhqa-mqgw
3
vulnerability VCID-m5uw-4tqc-3ub8
4
vulnerability VCID-mrfe-fcyn-1qg8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.308
aliases CVE-2023-39631, GHSA-f73w-4m7g-ch9x, PYSEC-2023-162, PYSEC-2023-163
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-52vp-m7t5-hqas
5
url VCID-5977-kuku-ebek
vulnerability_id VCID-5977-kuku-ebek
summary An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36188
reference_id
reference_type
scores
0
value 0.11195
scoring_system epss
scoring_elements 0.93649
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36188
1
reference_url https://github.com/hwchase17/langchain/issues/5872
reference_id
reference_type
scores
0
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-19T19:03:12Z/
url https://github.com/hwchase17/langchain/issues/5872
2
reference_url https://github.com/hwchase17/langchain/pull/6003
reference_id
reference_type
scores
0
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-19T19:03:12Z/
url https://github.com/hwchase17/langchain/pull/6003
3
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
4
reference_url https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
5
reference_url https://github.com/langchain-ai/langchain/issues/5872
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/issues/5872
6
reference_url https://github.com/langchain-ai/langchain/pull/6003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/6003
7
reference_url https://github.com/langchain-ai/langchain/pull/8425
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/8425
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-109.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-109.yaml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36188
reference_id CVE-2023-36188
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36188
fixed_packages
0
url pkg:pypi/langchain@0.0.65
purl pkg:pypi/langchain@0.0.65
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-2cuv-kudj-c3cg
2
vulnerability VCID-2cyy-g843-9qec
3
vulnerability VCID-3ve9-cev3-a7g5
4
vulnerability VCID-52vp-m7t5-hqas
5
vulnerability VCID-5977-kuku-ebek
6
vulnerability VCID-964p-24u8-yucb
7
vulnerability VCID-9d9u-r5kk-6fa4
8
vulnerability VCID-a2h3-qgax-qbdr
9
vulnerability VCID-ayhd-z87z-jkbq
10
vulnerability VCID-ctus-n9fc-gqhu
11
vulnerability VCID-dv6m-m6rf-4qa9
12
vulnerability VCID-exkd-sryf-e3ad
13
vulnerability VCID-fdk5-mhqa-mqgw
14
vulnerability VCID-j2kj-2axx-rqgr
15
vulnerability VCID-m5uw-4tqc-3ub8
16
vulnerability VCID-mrfe-fcyn-1qg8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.65
1
url pkg:pypi/langchain@0.0.236
purl pkg:pypi/langchain@0.0.236
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-2cyy-g843-9qec
2
vulnerability VCID-52vp-m7t5-hqas
3
vulnerability VCID-5977-kuku-ebek
4
vulnerability VCID-964p-24u8-yucb
5
vulnerability VCID-a2h3-qgax-qbdr
6
vulnerability VCID-ctus-n9fc-gqhu
7
vulnerability VCID-exkd-sryf-e3ad
8
vulnerability VCID-fdk5-mhqa-mqgw
9
vulnerability VCID-m5uw-4tqc-3ub8
10
vulnerability VCID-mrfe-fcyn-1qg8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.236
2
url pkg:pypi/langchain@0.0.247
purl pkg:pypi/langchain@0.0.247
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-52vp-m7t5-hqas
2
vulnerability VCID-964p-24u8-yucb
3
vulnerability VCID-fdk5-mhqa-mqgw
4
vulnerability VCID-m5uw-4tqc-3ub8
5
vulnerability VCID-mrfe-fcyn-1qg8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.247
aliases CVE-2023-36188, GHSA-57fc-8q82-gfp3, PYSEC-2023-109
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5977-kuku-ebek
6
url VCID-964p-24u8-yucb
vulnerability_id VCID-964p-24u8-yucb
summary A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2965.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2965.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-2965
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11758
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-2965
2
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
3
reference_url https://github.com/langchain-ai/langchain/commit/73c42306745b0831aa6fe7fe4eeb70d2c2d87a82
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T13:30:27Z/
url https://github.com/langchain-ai/langchain/commit/73c42306745b0831aa6fe7fe4eeb70d2c2d87a82
4
reference_url https://github.com/langchain-ai/langchain/commit/9a877c7adbd06f90a2518152f65b562bd90487cc
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/9a877c7adbd06f90a2518152f65b562bd90487cc
5
reference_url https://github.com/langchain-ai/langchain/pull/22903
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/22903
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-118.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-118.yaml
7
reference_url https://huntr.com/bounties/90b0776d-9fa6-4841-aac4-09fde5918cae
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T13:30:27Z/
url https://huntr.com/bounties/90b0776d-9fa6-4841-aac4-09fde5918cae
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2373306
reference_id 2373306
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2373306
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-2965
reference_id CVE-2024-2965
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-2965
10
reference_url https://github.com/advisories/GHSA-3hjh-jh2h-vrg6
reference_id GHSA-3hjh-jh2h-vrg6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3hjh-jh2h-vrg6
fixed_packages
0
url pkg:pypi/langchain@0.2.5
purl pkg:pypi/langchain@0.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fdk5-mhqa-mqgw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.2.5
aliases CVE-2024-2965, GHSA-3hjh-jh2h-vrg6, PYSEC-2024-118
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-964p-24u8-yucb
7
url VCID-9d9u-r5kk-6fa4
vulnerability_id VCID-9d9u-r5kk-6fa4
summary An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38896
reference_id
reference_type
scores
0
value 0.01049
scoring_system epss
scoring_elements 0.77896
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38896
1
reference_url https://github.com/hwchase17/langchain/issues/5872
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-09T13:02:00Z/
url https://github.com/hwchase17/langchain/issues/5872
2
reference_url https://github.com/hwchase17/langchain/pull/6003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-09T13:02:00Z/
url https://github.com/hwchase17/langchain/pull/6003
3
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
4
reference_url https://github.com/langchain-ai/langchain/commit/8ba9835b925473655914f63822775679e03ea137
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/8ba9835b925473655914f63822775679e03ea137
5
reference_url https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-146.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-146.yaml
7
reference_url https://twitter.com/llm_sec/status/1668711587287375876
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-09T13:02:00Z/
url https://twitter.com/llm_sec/status/1668711587287375876
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38896
reference_id CVE-2023-38896
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38896
9
reference_url https://github.com/advisories/GHSA-92j5-3459-qgp4
reference_id GHSA-92j5-3459-qgp4
reference_type
scores
url https://github.com/advisories/GHSA-92j5-3459-qgp4
fixed_packages
0
url pkg:pypi/langchain@0.0.195
purl pkg:pypi/langchain@0.0.195
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-2cuv-kudj-c3cg
2
vulnerability VCID-2cyy-g843-9qec
3
vulnerability VCID-52vp-m7t5-hqas
4
vulnerability VCID-5977-kuku-ebek
5
vulnerability VCID-964p-24u8-yucb
6
vulnerability VCID-a2h3-qgax-qbdr
7
vulnerability VCID-ayhd-z87z-jkbq
8
vulnerability VCID-ctus-n9fc-gqhu
9
vulnerability VCID-exkd-sryf-e3ad
10
vulnerability VCID-fdk5-mhqa-mqgw
11
vulnerability VCID-j2kj-2axx-rqgr
12
vulnerability VCID-m5uw-4tqc-3ub8
13
vulnerability VCID-mrfe-fcyn-1qg8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.195
1
url pkg:pypi/langchain@0.0.236
purl pkg:pypi/langchain@0.0.236
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-2cyy-g843-9qec
2
vulnerability VCID-52vp-m7t5-hqas
3
vulnerability VCID-5977-kuku-ebek
4
vulnerability VCID-964p-24u8-yucb
5
vulnerability VCID-a2h3-qgax-qbdr
6
vulnerability VCID-ctus-n9fc-gqhu
7
vulnerability VCID-exkd-sryf-e3ad
8
vulnerability VCID-fdk5-mhqa-mqgw
9
vulnerability VCID-m5uw-4tqc-3ub8
10
vulnerability VCID-mrfe-fcyn-1qg8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.236
aliases CVE-2023-38896, GHSA-92j5-3459-qgp4, PYSEC-2023-146
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9d9u-r5kk-6fa4
8
url VCID-a2h3-qgax-qbdr
vulnerability_id VCID-a2h3-qgax-qbdr
summary An issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36258
reference_id
reference_type
scores
0
value 0.00741
scoring_system epss
scoring_elements 0.73368
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36258
1
reference_url https://github.com/hwchase17/langchain
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/hwchase17/langchain
2
reference_url https://github.com/langchain-ai/langchain/commit/8ba9835b925473655914f63822775679e03ea137
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/8ba9835b925473655914f63822775679e03ea137
3
reference_url https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
4
reference_url https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
5
reference_url https://github.com/langchain-ai/langchain/issues/5872
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/issues/5872
6
reference_url https://github.com/langchain-ai/langchain/issues/5872#issuecomment-1697785619
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/issues/5872#issuecomment-1697785619
7
reference_url https://github.com/langchain-ai/langchain/pull/6003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/6003
8
reference_url https://github.com/langchain-ai/langchain/pull/7870
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/7870
9
reference_url https://github.com/langchain-ai/langchain/pull/8425
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/8425
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-98.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-98.yaml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36258
reference_id CVE-2023-36258
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36258
12
reference_url https://github.com/advisories/GHSA-2qmj-7962-cjq8
reference_id GHSA-2qmj-7962-cjq8
reference_type
scores
url https://github.com/advisories/GHSA-2qmj-7962-cjq8
fixed_packages
0
url pkg:pypi/langchain@0.0.247
purl pkg:pypi/langchain@0.0.247
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-52vp-m7t5-hqas
2
vulnerability VCID-964p-24u8-yucb
3
vulnerability VCID-fdk5-mhqa-mqgw
4
vulnerability VCID-m5uw-4tqc-3ub8
5
vulnerability VCID-mrfe-fcyn-1qg8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.247
aliases CVE-2023-36258, GHSA-2qmj-7962-cjq8, PYSEC-2023-98
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a2h3-qgax-qbdr
9
url VCID-ayhd-z87z-jkbq
vulnerability_id VCID-ayhd-z87z-jkbq
summary An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
references
0
reference_url http://langchain.com
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-17T14:46:57Z/
url http://langchain.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36095
reference_id
reference_type
scores
0
value 0.03155
scoring_system epss
scoring_elements 0.87168
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36095
2
reference_url https://github.com/hwchase17/langchain
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-17T14:46:57Z/
url https://github.com/hwchase17/langchain
3
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
4
reference_url https://github.com/langchain-ai/langchain/commit/8ba9835b925473655914f63822775679e03ea137
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/8ba9835b925473655914f63822775679e03ea137
5
reference_url https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
6
reference_url https://github.com/langchain-ai/langchain/commits/v0.0.236?after=4d8b48bdb3f17c764c5c2e3c7140071603869e74+34&branch=v0.0.236&qualified_name=refs%2Ftags%2Fv0.0.236
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commits/v0.0.236?after=4d8b48bdb3f17c764c5c2e3c7140071603869e74+34&branch=v0.0.236&qualified_name=refs%2Ftags%2Fv0.0.236
7
reference_url https://github.com/langchain-ai/langchain/issues/5872
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-17T14:46:57Z/
url https://github.com/langchain-ai/langchain/issues/5872
8
reference_url https://github.com/langchain-ai/langchain/pull/6003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/6003
9
reference_url https://github.com/langchain-ai/langchain/pull/7870
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/7870
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-138.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-138.yaml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36095
reference_id CVE-2023-36095
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36095
12
reference_url https://github.com/advisories/GHSA-gwqq-6vq7-5j86
reference_id GHSA-gwqq-6vq7-5j86
reference_type
scores
url https://github.com/advisories/GHSA-gwqq-6vq7-5j86
fixed_packages
0
url pkg:pypi/langchain@0.0.236
purl pkg:pypi/langchain@0.0.236
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-2cyy-g843-9qec
2
vulnerability VCID-52vp-m7t5-hqas
3
vulnerability VCID-5977-kuku-ebek
4
vulnerability VCID-964p-24u8-yucb
5
vulnerability VCID-a2h3-qgax-qbdr
6
vulnerability VCID-ctus-n9fc-gqhu
7
vulnerability VCID-exkd-sryf-e3ad
8
vulnerability VCID-fdk5-mhqa-mqgw
9
vulnerability VCID-m5uw-4tqc-3ub8
10
vulnerability VCID-mrfe-fcyn-1qg8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.236
aliases CVE-2023-36095, GHSA-gwqq-6vq7-5j86, PYSEC-2023-138
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ayhd-z87z-jkbq
10
url VCID-ctus-n9fc-gqhu
vulnerability_id VCID-ctus-n9fc-gqhu
summary SQL injection vulnerability in langchain v.0.0.64 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36189
reference_id
reference_type
scores
0
value 0.00163
scoring_system epss
scoring_elements 0.37044
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36189
1
reference_url https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:03Z/
url https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f
2
reference_url https://github.com/hwchase17/langchain/issues/5923
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:03Z/
url https://github.com/hwchase17/langchain/issues/5923
3
reference_url https://github.com/hwchase17/langchain/pull/6051
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:03Z/
url https://github.com/hwchase17/langchain/pull/6051
4
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
5
reference_url https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
6
reference_url https://github.com/langchain-ai/langchain/issues/5923
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/issues/5923
7
reference_url https://github.com/langchain-ai/langchain/issues/5923#issuecomment-1696053841
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:03Z/
url https://github.com/langchain-ai/langchain/issues/5923#issuecomment-1696053841
8
reference_url https://github.com/langchain-ai/langchain/pull/8425
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/8425
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-110.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-110.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36189
reference_id CVE-2023-36189
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36189
11
reference_url https://github.com/advisories/GHSA-7q94-qpjr-xpgm
reference_id GHSA-7q94-qpjr-xpgm
reference_type
scores
url https://github.com/advisories/GHSA-7q94-qpjr-xpgm
fixed_packages
0
url pkg:pypi/langchain@0.0.247
purl pkg:pypi/langchain@0.0.247
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-52vp-m7t5-hqas
2
vulnerability VCID-964p-24u8-yucb
3
vulnerability VCID-fdk5-mhqa-mqgw
4
vulnerability VCID-m5uw-4tqc-3ub8
5
vulnerability VCID-mrfe-fcyn-1qg8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.247
aliases CVE-2023-36189, GHSA-7q94-qpjr-xpgm, PYSEC-2023-110
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ctus-n9fc-gqhu
11
url VCID-dv6m-m6rf-4qa9
vulnerability_id VCID-dv6m-m6rf-4qa9
summary An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via the via the a json file to the load_prompt parameter.
references
0
reference_url https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2023-12-13T16:27:50Z/
url https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36281
reference_id
reference_type
scores
0
value 0.62245
scoring_system epss
scoring_elements 0.98382
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36281
2
reference_url https://github.com/hwchase17/langchain/issues/4394
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2023-12-13T16:27:50Z/
url https://github.com/hwchase17/langchain/issues/4394
3
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
4
reference_url https://github.com/langchain-ai/langchain/commit/22abeb9f6cc555591bf8e92b5e328e43aa07ff6c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/22abeb9f6cc555591bf8e92b5e328e43aa07ff6c
5
reference_url https://github.com/langchain-ai/langchain/pull/10252
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/10252
6
reference_url https://github.com/langchain-ai/langchain/releases/tag/v0.0.312
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2023-12-13T16:27:50Z/
url https://github.com/langchain-ai/langchain/releases/tag/v0.0.312
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-151.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-151.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36281
reference_id CVE-2023-36281
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36281
9
reference_url https://github.com/advisories/GHSA-7gfq-f96f-g85j
reference_id GHSA-7gfq-f96f-g85j
reference_type
scores
url https://github.com/advisories/GHSA-7gfq-f96f-g85j
fixed_packages
0
url pkg:pypi/langchain@0.0.171
purl pkg:pypi/langchain@0.0.171
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-2cuv-kudj-c3cg
2
vulnerability VCID-2cyy-g843-9qec
3
vulnerability VCID-52vp-m7t5-hqas
4
vulnerability VCID-5977-kuku-ebek
5
vulnerability VCID-964p-24u8-yucb
6
vulnerability VCID-9d9u-r5kk-6fa4
7
vulnerability VCID-a2h3-qgax-qbdr
8
vulnerability VCID-ayhd-z87z-jkbq
9
vulnerability VCID-ctus-n9fc-gqhu
10
vulnerability VCID-exkd-sryf-e3ad
11
vulnerability VCID-fdk5-mhqa-mqgw
12
vulnerability VCID-j2kj-2axx-rqgr
13
vulnerability VCID-m5uw-4tqc-3ub8
14
vulnerability VCID-mrfe-fcyn-1qg8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.171
1
url pkg:pypi/langchain@0.0.312
purl pkg:pypi/langchain@0.0.312
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-964p-24u8-yucb
2
vulnerability VCID-fdk5-mhqa-mqgw
3
vulnerability VCID-m5uw-4tqc-3ub8
4
vulnerability VCID-mrfe-fcyn-1qg8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.312
aliases CVE-2023-36281, GHSA-7gfq-f96f-g85j, PYSEC-2023-151
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dv6m-m6rf-4qa9
12
url VCID-exkd-sryf-e3ad
vulnerability_id VCID-exkd-sryf-e3ad
summary An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38860
reference_id
reference_type
scores
0
value 0.01806
scoring_system epss
scoring_elements 0.83185
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38860
1
reference_url https://github.com/hwchase17/langchain
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/hwchase17/langchain
2
reference_url https://github.com/hwchase17/langchain/issues/7641
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-09T13:16:43Z/
url https://github.com/hwchase17/langchain/issues/7641
3
reference_url https://github.com/langchain-ai/langchain/commit/d353d668e4b0514122a443cef91de7f76fea4245
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/d353d668e4b0514122a443cef91de7f76fea4245
4
reference_url https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
5
reference_url https://github.com/langchain-ai/langchain/issues/7641
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/issues/7641
6
reference_url https://github.com/langchain-ai/langchain/pull/8092
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/8092
7
reference_url https://github.com/langchain-ai/langchain/pull/8425
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/8425
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-145.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-145.yaml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38860
reference_id CVE-2023-38860
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38860
10
reference_url https://github.com/advisories/GHSA-fj32-q626-pjjc
reference_id GHSA-fj32-q626-pjjc
reference_type
scores
url https://github.com/advisories/GHSA-fj32-q626-pjjc
fixed_packages
0
url pkg:pypi/langchain@0.0.247
purl pkg:pypi/langchain@0.0.247
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-52vp-m7t5-hqas
2
vulnerability VCID-964p-24u8-yucb
3
vulnerability VCID-fdk5-mhqa-mqgw
4
vulnerability VCID-m5uw-4tqc-3ub8
5
vulnerability VCID-mrfe-fcyn-1qg8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.247
aliases CVE-2023-38860, GHSA-fj32-q626-pjjc, PYSEC-2023-145
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-exkd-sryf-e3ad
13
url VCID-fdk5-mhqa-mqgw
vulnerability_id VCID-fdk5-mhqa-mqgw
summary A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7042
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.1962
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7042
1
reference_url https://github.com/langchain-ai/langchainjs
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchainjs
2
reference_url https://github.com/langchain-ai/langchainjs/commit/615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-29T13:50:49Z/
url https://github.com/langchain-ai/langchainjs/commit/615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-114.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-114.yaml
4
reference_url https://huntr.com/bounties/b612defb-1104-4fff-9fef-001ab07c7b2d
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-29T13:50:49Z/
url https://huntr.com/bounties/b612defb-1104-4fff-9fef-001ab07c7b2d
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7042
reference_id CVE-2024-7042
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7042
6
reference_url https://github.com/advisories/GHSA-6m59-8fmv-m5f9
reference_id GHSA-6m59-8fmv-m5f9
reference_type
scores
url https://github.com/advisories/GHSA-6m59-8fmv-m5f9
fixed_packages
0
url pkg:pypi/langchain@0.3.1
purl pkg:pypi/langchain@0.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.3.1
aliases CVE-2024-7042, GHSA-6m59-8fmv-m5f9, PYSEC-2024-114
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fdk5-mhqa-mqgw
14
url VCID-j2kj-2axx-rqgr
vulnerability_id VCID-j2kj-2axx-rqgr
summary Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34540
reference_id
reference_type
scores
0
value 0.0187
scoring_system epss
scoring_elements 0.83473
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34540
1
reference_url https://github.com/hwchase17/langchain/issues/4833
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/hwchase17/langchain/issues/4833
2
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
3
reference_url https://github.com/langchain-ai/langchain/commit/a2f191a32229256dd41deadf97786fe41ce04cbb
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/a2f191a32229256dd41deadf97786fe41ce04cbb
4
reference_url https://github.com/langchain-ai/langchain/issues/4833
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/issues/4833
5
reference_url https://github.com/langchain-ai/langchain/pull/6992
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/6992
6
reference_url https://github.com/langchain-ai/langchain/releases/tag/v0.0.225
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/releases/tag/v0.0.225
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-91.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-91.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34540
reference_id CVE-2023-34540
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34540
9
reference_url https://github.com/advisories/GHSA-x32c-59v5-h7fg
reference_id GHSA-x32c-59v5-h7fg
reference_type
scores
url https://github.com/advisories/GHSA-x32c-59v5-h7fg
fixed_packages
0
url pkg:pypi/langchain@0.0.225
purl pkg:pypi/langchain@0.0.225
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-2cuv-kudj-c3cg
2
vulnerability VCID-2cyy-g843-9qec
3
vulnerability VCID-52vp-m7t5-hqas
4
vulnerability VCID-5977-kuku-ebek
5
vulnerability VCID-964p-24u8-yucb
6
vulnerability VCID-a2h3-qgax-qbdr
7
vulnerability VCID-ayhd-z87z-jkbq
8
vulnerability VCID-ctus-n9fc-gqhu
9
vulnerability VCID-exkd-sryf-e3ad
10
vulnerability VCID-fdk5-mhqa-mqgw
11
vulnerability VCID-m5uw-4tqc-3ub8
12
vulnerability VCID-mrfe-fcyn-1qg8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.225
aliases CVE-2023-34540, GHSA-x32c-59v5-h7fg, PYSEC-2023-91
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j2kj-2axx-rqgr
15
url VCID-m5uw-4tqc-3ub8
vulnerability_id VCID-m5uw-4tqc-3ub8
summary LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28088
reference_id
reference_type
scores
0
value 0.13435
scoring_system epss
scoring_elements 0.94338
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28088
1
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
2
reference_url https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-07T19:36:26Z/
url https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py
3
reference_url https://github.com/langchain-ai/langchain/commit/e1924b3e93d513ca950c72f8e80e1c133749fba5
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/e1924b3e93d513ca950c72f8e80e1c133749fba5
4
reference_url https://github.com/langchain-ai/langchain/pull/18600
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-07T19:36:26Z/
url https://github.com/langchain-ai/langchain/pull/18600
5
reference_url https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-07T19:36:26Z/
url https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain-core/PYSEC-2024-45.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain-core/PYSEC-2024-45.yaml
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-43.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-43.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28088
reference_id CVE-2024-28088
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28088
9
reference_url https://github.com/advisories/GHSA-h59x-p739-982c
reference_id GHSA-h59x-p739-982c
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h59x-p739-982c
fixed_packages
0
url pkg:pypi/langchain@0.0.339
purl pkg:pypi/langchain@0.0.339
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-964p-24u8-yucb
2
vulnerability VCID-fdk5-mhqa-mqgw
3
vulnerability VCID-m5uw-4tqc-3ub8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.339
1
url pkg:pypi/langchain@0.1.11
purl pkg:pypi/langchain@0.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-964p-24u8-yucb
2
vulnerability VCID-fdk5-mhqa-mqgw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.1.11
aliases CVE-2024-28088, GHSA-h59x-p739-982c, PYSEC-2024-43, PYSEC-2024-45
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5uw-4tqc-3ub8
16
url VCID-mrfe-fcyn-1qg8
vulnerability_id VCID-mrfe-fcyn-1qg8
summary LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46229.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46229.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46229
reference_id
reference_type
scores
0
value 0.01752
scoring_system epss
scoring_elements 0.82939
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46229
2
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
3
reference_url https://github.com/langchain-ai/langchain/commit/9ecb7240a480720ec9d739b3877a52f76098a2b8
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T18:06:03Z/
url https://github.com/langchain-ai/langchain/commit/9ecb7240a480720ec9d739b3877a52f76098a2b8
4
reference_url https://github.com/langchain-ai/langchain/pull/11925
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T18:06:03Z/
url https://github.com/langchain-ai/langchain/pull/11925
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-205.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-205.yaml
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2390135
reference_id 2390135
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2390135
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46229
reference_id CVE-2023-46229
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46229
8
reference_url https://github.com/advisories/GHSA-655w-fm8m-m478
reference_id GHSA-655w-fm8m-m478
reference_type
scores
url https://github.com/advisories/GHSA-655w-fm8m-m478
fixed_packages
0
url pkg:pypi/langchain@0.0.317
purl pkg:pypi/langchain@0.0.317
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23um-cqks-tkc5
1
vulnerability VCID-964p-24u8-yucb
2
vulnerability VCID-fdk5-mhqa-mqgw
3
vulnerability VCID-m5uw-4tqc-3ub8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.317
aliases CVE-2023-46229, GHSA-655w-fm8m-m478, PYSEC-2023-205
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mrfe-fcyn-1qg8
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.59