Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/34142?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/34142?format=api", "purl": "pkg:pypi/langchain@0.0.159", "type": "pypi", "namespace": "", "name": "langchain", "version": "0.0.159", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.0.308", "latest_non_vulnerable_version": "0.0.308", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36518?format=api", "vulnerability_id": "VCID-2cuv-kudj-c3cg", "summary": "An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.", "references": [ { "reference_url": "https://github.com/langchain-ai/langchain/issues/7700", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/langchain-ai/langchain/issues/7700" }, { "reference_url": "https://github.com/langchain-ai/langchain/pull/5640", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/langchain-ai/langchain/pull/5640" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34216?format=api", "purl": "pkg:pypi/langchain@0.0.233", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cyy-g843-9qec" }, { "vulnerability": "VCID-52vp-m7t5-hqas" }, { "vulnerability": "VCID-5977-kuku-ebek" }, { "vulnerability": "VCID-a2h3-qgax-qbdr" }, { "vulnerability": "VCID-ayhd-z87z-jkbq" }, { "vulnerability": "VCID-ctus-n9fc-gqhu" }, { "vulnerability": "VCID-exkd-sryf-e3ad" }, { "vulnerability": "VCID-mrfe-fcyn-1qg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.233" } ], "aliases": [ "CVE-2023-39659", "PYSEC-2023-147" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2cuv-kudj-c3cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36463?format=api", "vulnerability_id": "VCID-2cyy-g843-9qec", "summary": "Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.", "references": [ { "reference_url": "https://github.com/langchain-ai/langchain/issues/4849", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/langchain-ai/langchain/issues/4849" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34232?format=api", "purl": "pkg:pypi/langchain@0.0.247", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-52vp-m7t5-hqas" }, { "vulnerability": "VCID-mrfe-fcyn-1qg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.247" } ], "aliases": [ "CVE-2023-34541", "PYSEC-2023-92" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2cyy-g843-9qec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36538?format=api", "vulnerability_id": "VCID-52vp-m7t5-hqas", "summary": "An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.", "references": [ { "reference_url": "https://github.com/langchain-ai/langchain/issues/8363", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/langchain-ai/langchain/issues/8363" }, { "reference_url": "https://github.com/langchain-ai/langchain/pull/11302", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/langchain-ai/langchain/pull/11302" }, { "reference_url": "https://github.com/pydata/numexpr/issues/442", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/pydata/numexpr/issues/442" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35618?format=api", "purl": "pkg:pypi/langchain@0.0.308", "is_vulnerable": false, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mrfe-fcyn-1qg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.308" } ], "aliases": [ "CVE-2023-39631", "PYSEC-2023-162", "PYSEC-2023-163" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-52vp-m7t5-hqas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36477?format=api", "vulnerability_id": "VCID-5977-kuku-ebek", "summary": "An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.", "references": [ { "reference_url": "https://github.com/langchain-ai/langchain/issues/5872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/langchain-ai/langchain/issues/5872" }, { "reference_url": "https://github.com/langchain-ai/langchain/pull/8425", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/langchain-ai/langchain/pull/8425" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34232?format=api", "purl": "pkg:pypi/langchain@0.0.247", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-52vp-m7t5-hqas" }, { "vulnerability": "VCID-mrfe-fcyn-1qg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.247" } ], "aliases": [ "CVE-2023-36188", "PYSEC-2023-109" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5977-kuku-ebek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36521?format=api", "vulnerability_id": "VCID-9d9u-r5kk-6fa4", "summary": "An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.", "references": [ { "reference_url": "https://github.com/hwchase17/langchain/issues/5872", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/hwchase17/langchain/issues/5872" }, { "reference_url": "https://github.com/hwchase17/langchain/pull/6003", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/hwchase17/langchain/pull/6003" }, { "reference_url": "https://twitter.com/llm_sec/status/1668711587287375876", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://twitter.com/llm_sec/status/1668711587287375876" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34178?format=api", "purl": "pkg:pypi/langchain@0.0.195", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cuv-kudj-c3cg" }, { "vulnerability": "VCID-2cyy-g843-9qec" }, { "vulnerability": "VCID-52vp-m7t5-hqas" }, { "vulnerability": "VCID-5977-kuku-ebek" }, { "vulnerability": "VCID-a2h3-qgax-qbdr" }, { "vulnerability": "VCID-ayhd-z87z-jkbq" }, { "vulnerability": "VCID-ctus-n9fc-gqhu" }, { "vulnerability": "VCID-exkd-sryf-e3ad" }, { "vulnerability": "VCID-j2kj-2axx-rqgr" }, { "vulnerability": "VCID-mrfe-fcyn-1qg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.195" } ], "aliases": [ "CVE-2023-38896", "PYSEC-2023-146" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9d9u-r5kk-6fa4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36472?format=api", "vulnerability_id": "VCID-a2h3-qgax-qbdr", "summary": "An issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method.", "references": [ { "reference_url": "https://github.com/langchain-ai/langchain/issues/5872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/langchain-ai/langchain/issues/5872" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34232?format=api", "purl": "pkg:pypi/langchain@0.0.247", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-52vp-m7t5-hqas" }, { "vulnerability": "VCID-mrfe-fcyn-1qg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.247" } ], "aliases": [ "CVE-2023-36258", "PYSEC-2023-98" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a2h3-qgax-qbdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36509?format=api", "vulnerability_id": "VCID-ayhd-z87z-jkbq", "summary": "An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.", "references": [ { "reference_url": "http://langchain.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "http://langchain.com" }, { "reference_url": "https://github.com/hwchase17/langchain", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/hwchase17/langchain" }, { "reference_url": "https://github.com/langchain-ai/langchain/issues/5872", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/langchain-ai/langchain/issues/5872" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34219?format=api", "purl": "pkg:pypi/langchain@0.0.236", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cyy-g843-9qec" }, { "vulnerability": "VCID-52vp-m7t5-hqas" }, { "vulnerability": "VCID-5977-kuku-ebek" }, { "vulnerability": "VCID-a2h3-qgax-qbdr" }, { "vulnerability": "VCID-ctus-n9fc-gqhu" }, { "vulnerability": "VCID-exkd-sryf-e3ad" }, { "vulnerability": "VCID-mrfe-fcyn-1qg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.236" } ], "aliases": [ "CVE-2023-36095", "PYSEC-2023-138" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ayhd-z87z-jkbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36478?format=api", "vulnerability_id": "VCID-ctus-n9fc-gqhu", "summary": "SQL injection vulnerability in langchain v.0.0.64 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.", "references": [ { "reference_url": "https://github.com/langchain-ai/langchain/issues/5923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/langchain-ai/langchain/issues/5923" }, { "reference_url": "https://github.com/langchain-ai/langchain/pull/8425", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/langchain-ai/langchain/pull/8425" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34232?format=api", "purl": "pkg:pypi/langchain@0.0.247", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-52vp-m7t5-hqas" }, { "vulnerability": "VCID-mrfe-fcyn-1qg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.247" } ], "aliases": [ "CVE-2023-36189", "PYSEC-2023-110" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ctus-n9fc-gqhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36525?format=api", "vulnerability_id": "VCID-dv6m-m6rf-4qa9", "summary": "An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via the via the a json file to the load_prompt parameter.", "references": [ { "reference_url": "https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55" }, { "reference_url": "https://github.com/hwchase17/langchain/issues/4394", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/hwchase17/langchain/issues/4394" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34154?format=api", "purl": "pkg:pypi/langchain@0.0.171", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cuv-kudj-c3cg" }, { "vulnerability": "VCID-2cyy-g843-9qec" }, { "vulnerability": "VCID-52vp-m7t5-hqas" }, { "vulnerability": "VCID-5977-kuku-ebek" }, { "vulnerability": "VCID-9d9u-r5kk-6fa4" }, { "vulnerability": "VCID-a2h3-qgax-qbdr" }, { "vulnerability": "VCID-ayhd-z87z-jkbq" }, { "vulnerability": "VCID-ctus-n9fc-gqhu" }, { "vulnerability": "VCID-exkd-sryf-e3ad" }, { "vulnerability": "VCID-j2kj-2axx-rqgr" }, { "vulnerability": "VCID-mrfe-fcyn-1qg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.171" } ], "aliases": [ "CVE-2023-36281", "PYSEC-2023-151" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dv6m-m6rf-4qa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36519?format=api", "vulnerability_id": "VCID-exkd-sryf-e3ad", "summary": "An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.", "references": [ { "reference_url": "https://github.com/langchain-ai/langchain/issues/7641", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/langchain-ai/langchain/issues/7641" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34232?format=api", "purl": "pkg:pypi/langchain@0.0.247", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-52vp-m7t5-hqas" }, { "vulnerability": "VCID-mrfe-fcyn-1qg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.247" } ], "aliases": [ "CVE-2023-38860", "PYSEC-2023-145" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-exkd-sryf-e3ad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36461?format=api", "vulnerability_id": "VCID-j2kj-2axx-rqgr", "summary": "Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.", "references": [ { "reference_url": "https://github.com/langchain-ai/langchain/issues/4833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/langchain-ai/langchain/issues/4833" }, { "reference_url": "https://github.com/langchain-ai/langchain/pull/6992", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/langchain-ai/langchain/pull/6992" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34208?format=api", "purl": "pkg:pypi/langchain@0.0.225", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cuv-kudj-c3cg" }, { "vulnerability": "VCID-2cyy-g843-9qec" }, { "vulnerability": "VCID-52vp-m7t5-hqas" }, { "vulnerability": "VCID-5977-kuku-ebek" }, { "vulnerability": "VCID-a2h3-qgax-qbdr" }, { "vulnerability": "VCID-ayhd-z87z-jkbq" }, { "vulnerability": "VCID-ctus-n9fc-gqhu" }, { "vulnerability": "VCID-exkd-sryf-e3ad" }, { "vulnerability": "VCID-mrfe-fcyn-1qg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.225" } ], "aliases": [ "CVE-2023-34540", "PYSEC-2023-91" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j2kj-2axx-rqgr" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.159" }