Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/langchain-core@0.1.11
Type pypi
Namespace
Name langchain-core
Version 0.1.11
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.3.84
Latest_non_vulnerable_version 1.3.3
Affected_by_vulnerabilities
0
url VCID-61vg-ekxn-hqfv
vulnerability_id VCID-61vg-ekxn-hqfv
summary
LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
The `ChatOpenAI.get_num_tokens_from_messages()` method fetches arbitrary `image_url` values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery (SSRF) attacks by providing malicious image URLs in user input.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26013.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26013.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26013
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05492
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26013
2
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
3
reference_url https://github.com/langchain-ai/langchain/commit/2b4b1dc29a833d4053deba4c2b77a3848c834565
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:26:20Z/
url https://github.com/langchain-ai/langchain/commit/2b4b1dc29a833d4053deba4c2b77a3848c834565
4
reference_url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.11
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:26:20Z/
url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.11
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2438772
reference_id 2438772
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2438772
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26013
reference_id CVE-2026-26013
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26013
7
reference_url https://github.com/advisories/GHSA-2g6r-c272-w58r
reference_id GHSA-2g6r-c272-w58r
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2g6r-c272-w58r
8
reference_url https://github.com/langchain-ai/langchain/security/advisories/GHSA-2g6r-c272-w58r
reference_id GHSA-2g6r-c272-w58r
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:26:20Z/
url https://github.com/langchain-ai/langchain/security/advisories/GHSA-2g6r-c272-w58r
fixed_packages
0
url pkg:pypi/langchain-core@1.2.11
purl pkg:pypi/langchain-core@1.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-z7kv-vrhw-1qad
1
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@1.2.11
aliases CVE-2026-26013, GHSA-2g6r-c272-w58r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-61vg-ekxn-hqfv
1
url VCID-8fbt-6heb-uyg1
vulnerability_id VCID-8fbt-6heb-uyg1
summary
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
A serialization injection vulnerability exists in LangChain's `dumps()` and `dumpd()` functions. The functions do not escape dictionaries with `'lc'` keys when serializing free-form dictionaries. The `'lc'` key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68664.json
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68664.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68664
reference_id
reference_type
scores
0
value 0.02624
scoring_system epss
scoring_elements 0.85975
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68664
2
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
3
reference_url https://github.com/langchain-ai/langchain/commit/5ec0fa69de31bbe3d76e4cf9cd65a6accb8466c8
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-24T14:40:55Z/
url https://github.com/langchain-ai/langchain/commit/5ec0fa69de31bbe3d76e4cf9cd65a6accb8466c8
4
reference_url https://github.com/langchain-ai/langchain/commit/d9ec4c5cc78960abd37da79b0250f5642e6f0ce6
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-24T14:40:55Z/
url https://github.com/langchain-ai/langchain/commit/d9ec4c5cc78960abd37da79b0250f5642e6f0ce6
5
reference_url https://github.com/langchain-ai/langchain/pull/34455
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-24T14:40:55Z/
url https://github.com/langchain-ai/langchain/pull/34455
6
reference_url https://github.com/langchain-ai/langchain/pull/34458
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-24T14:40:55Z/
url https://github.com/langchain-ai/langchain/pull/34458
7
reference_url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.81
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-24T14:40:55Z/
url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.81
8
reference_url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.5
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-24T14:40:55Z/
url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.5
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2424790
reference_id 2424790
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2424790
10
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52514.py
reference_id CVE-2025-68664
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52514.py
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68664
reference_id CVE-2025-68664
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68664
12
reference_url https://github.com/advisories/GHSA-c67j-w6g6-q2cm
reference_id GHSA-c67j-w6g6-q2cm
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c67j-w6g6-q2cm
13
reference_url https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm
reference_id GHSA-c67j-w6g6-q2cm
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-24T14:40:55Z/
url https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm
14
reference_url https://access.redhat.com/errata/RHSA-2026:0406
reference_id RHSA-2026:0406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0406
15
reference_url https://access.redhat.com/errata/RHSA-2026:0408
reference_id RHSA-2026:0408
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0408
16
reference_url https://access.redhat.com/errata/RHSA-2026:0409
reference_id RHSA-2026:0409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0409
17
reference_url https://access.redhat.com/errata/RHSA-2026:1610
reference_id RHSA-2026:1610
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1610
fixed_packages
0
url pkg:pypi/langchain-core@0.3.81
purl pkg:pypi/langchain-core@0.3.81
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61vg-ekxn-hqfv
1
vulnerability VCID-z7kv-vrhw-1qad
2
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.3.81
1
url pkg:pypi/langchain-core@0.4.0.dev0
purl pkg:pypi/langchain-core@0.4.0.dev0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61vg-ekxn-hqfv
1
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.4.0.dev0
2
url pkg:pypi/langchain-core@1.2.5
purl pkg:pypi/langchain-core@1.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61vg-ekxn-hqfv
1
vulnerability VCID-z7kv-vrhw-1qad
2
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@1.2.5
aliases CVE-2025-68664, GHSA-c67j-w6g6-q2cm
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8fbt-6heb-uyg1
2
url VCID-91ur-jaq8-xqcj
vulnerability_id VCID-91ur-jaq8-xqcj
summary
Duplicate
This advisory duplicates another.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65106.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65106.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65106
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.16593
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65106
2
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
3
reference_url https://github.com/langchain-ai/langchain/commit/c4b6ba254e1a49ed91f2e268e6484011c540542a
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-21T21:53:02Z/
url https://github.com/langchain-ai/langchain/commit/c4b6ba254e1a49ed91f2e268e6484011c540542a
4
reference_url https://github.com/langchain-ai/langchain/commit/fa7789d6c21222b85211755d822ef698d3b34e00
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-21T21:53:02Z/
url https://github.com/langchain-ai/langchain/commit/fa7789d6c21222b85211755d822ef698d3b34e00
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2416504
reference_id 2416504
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2416504
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65106
reference_id CVE-2025-65106
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65106
7
reference_url https://github.com/advisories/GHSA-6qv9-48xg-fc7f
reference_id GHSA-6qv9-48xg-fc7f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6qv9-48xg-fc7f
8
reference_url https://github.com/langchain-ai/langchain/security/advisories/GHSA-6qv9-48xg-fc7f
reference_id GHSA-6qv9-48xg-fc7f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-21T21:53:02Z/
url https://github.com/langchain-ai/langchain/security/advisories/GHSA-6qv9-48xg-fc7f
fixed_packages
0
url pkg:pypi/langchain-core@0.3.80
purl pkg:pypi/langchain-core@0.3.80
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61vg-ekxn-hqfv
1
vulnerability VCID-8fbt-6heb-uyg1
2
vulnerability VCID-z7kv-vrhw-1qad
3
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.3.80
1
url pkg:pypi/langchain-core@1.0.7
purl pkg:pypi/langchain-core@1.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61vg-ekxn-hqfv
1
vulnerability VCID-8fbt-6heb-uyg1
2
vulnerability VCID-z7kv-vrhw-1qad
3
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@1.0.7
aliases CVE-2025-65106, GHSA-6qv9-48xg-fc7f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91ur-jaq8-xqcj
3
url VCID-chue-k3f3-m3b9
vulnerability_id VCID-chue-k3f3-m3b9
summary
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard Python library, which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.html

This primarily affects users that combine an LLM (or agent) with the `XMLOutputParser` and expose the component via an endpoint on a web-service.

This would allow a malicious party to attempt to manipulate the LLM to produce a malicious payload for the parser that would compromise the availability of the service.

A successful attack is predicated on:

1. Usage of XMLOutputParser
2. Passing of malicious input into the XMLOutputParser, either directly or by trying to manipulate an LLM to do so on the user's behalf
3. Exposing the component via a web-service
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-1455
reference_id
reference_type
scores
0
value 0.00106
scoring_system epss
scoring_elements 0.28252
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-1455
1
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
2
reference_url https://github.com/langchain-ai/langchain/commit/727d5023ce88e18e3074ef620a98137d26ff92a3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-15T15:55:06Z/
url https://github.com/langchain-ai/langchain/commit/727d5023ce88e18e3074ef620a98137d26ff92a3
3
reference_url https://github.com/langchain-ai/langchain/pull/17250
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/17250
4
reference_url https://github.com/langchain-ai/langchain/pull/19653
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/19653
5
reference_url https://github.com/langchain-ai/langchain/pull/19660
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/19660
6
reference_url https://huntr.com/bounties/4353571f-c70d-4bfd-ac08-3a89cecb45b6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-15T15:55:06Z/
url https://huntr.com/bounties/4353571f-c70d-4bfd-ac08-3a89cecb45b6
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-1455
reference_id CVE-2024-1455
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-1455
8
reference_url https://github.com/advisories/GHSA-q84m-rmw3-4382
reference_id GHSA-q84m-rmw3-4382
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q84m-rmw3-4382
fixed_packages
0
url pkg:pypi/langchain-core@0.1.34
purl pkg:pypi/langchain-core@0.1.34
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9s-4vzv-zfhm
1
vulnerability VCID-61vg-ekxn-hqfv
2
vulnerability VCID-8fbt-6heb-uyg1
3
vulnerability VCID-91ur-jaq8-xqcj
4
vulnerability VCID-z7kv-vrhw-1qad
5
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.1.34
1
url pkg:pypi/langchain-core@0.1.35
purl pkg:pypi/langchain-core@0.1.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9s-4vzv-zfhm
1
vulnerability VCID-61vg-ekxn-hqfv
2
vulnerability VCID-8fbt-6heb-uyg1
3
vulnerability VCID-91ur-jaq8-xqcj
4
vulnerability VCID-z7kv-vrhw-1qad
5
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.1.35
aliases CVE-2024-1455, GHSA-q84m-rmw3-4382
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-chue-k3f3-m3b9
4
url VCID-m5uw-4tqc-3ub8
vulnerability_id VCID-m5uw-4tqc-3ub8
summary LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28088
reference_id
reference_type
scores
0
value 0.13435
scoring_system epss
scoring_elements 0.94338
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28088
1
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
2
reference_url https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-07T19:36:26Z/
url https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py
3
reference_url https://github.com/langchain-ai/langchain/commit/e1924b3e93d513ca950c72f8e80e1c133749fba5
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/e1924b3e93d513ca950c72f8e80e1c133749fba5
4
reference_url https://github.com/langchain-ai/langchain/pull/18600
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-07T19:36:26Z/
url https://github.com/langchain-ai/langchain/pull/18600
5
reference_url https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-07T19:36:26Z/
url https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain-core/PYSEC-2024-45.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain-core/PYSEC-2024-45.yaml
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-43.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-43.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28088
reference_id CVE-2024-28088
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28088
9
reference_url https://github.com/advisories/GHSA-h59x-p739-982c
reference_id GHSA-h59x-p739-982c
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h59x-p739-982c
fixed_packages
0
url pkg:pypi/langchain-core@0.1.30
purl pkg:pypi/langchain-core@0.1.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9s-4vzv-zfhm
1
vulnerability VCID-61vg-ekxn-hqfv
2
vulnerability VCID-8fbt-6heb-uyg1
3
vulnerability VCID-91ur-jaq8-xqcj
4
vulnerability VCID-chue-k3f3-m3b9
5
vulnerability VCID-z7kv-vrhw-1qad
6
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.1.30
aliases CVE-2024-28088, GHSA-h59x-p739-982c, PYSEC-2024-43, PYSEC-2024-45
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5uw-4tqc-3ub8
5
url VCID-z7kv-vrhw-1qad
vulnerability_id VCID-z7kv-vrhw-1qad
summary langchain: incomplete f-string validation in prompt templates
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40087.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40087.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40087
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17523
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40087
2
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
3
reference_url https://github.com/langchain-ai/langchain/commit/6bab0ba3c12328008ddca3e0d54ff5a6151cd27b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:47:52Z/
url https://github.com/langchain-ai/langchain/commit/6bab0ba3c12328008ddca3e0d54ff5a6151cd27b
4
reference_url https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:47:52Z/
url https://github.com/langchain-ai/langchain/commit/af2ed47c6f008cdd551f3c0d87db3774c8dfe258
5
reference_url https://github.com/langchain-ai/langchain/pull/36612
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:47:52Z/
url https://github.com/langchain-ai/langchain/pull/36612
6
reference_url https://github.com/langchain-ai/langchain/pull/36613
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:47:52Z/
url https://github.com/langchain-ai/langchain/pull/36613
7
reference_url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.84
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:47:52Z/
url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.84
8
reference_url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.28
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:47:52Z/
url https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.28
9
reference_url https://github.com/langchain-ai/langchain/security/advisories/GHSA-926x-3r5x-gfhw
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:47:52Z/
url https://github.com/langchain-ai/langchain/security/advisories/GHSA-926x-3r5x-gfhw
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40087
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40087
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2457024
reference_id 2457024
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2457024
12
reference_url https://github.com/advisories/GHSA-926x-3r5x-gfhw
reference_id GHSA-926x-3r5x-gfhw
reference_type
scores
url https://github.com/advisories/GHSA-926x-3r5x-gfhw
fixed_packages
0
url pkg:pypi/langchain-core@0.3.84
purl pkg:pypi/langchain-core@0.3.84
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.3.84
1
url pkg:pypi/langchain-core@0.4.0.dev0
purl pkg:pypi/langchain-core@0.4.0.dev0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61vg-ekxn-hqfv
1
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.4.0.dev0
2
url pkg:pypi/langchain-core@1.2.28
purl pkg:pypi/langchain-core@1.2.28
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@1.2.28
aliases CVE-2026-40087, GHSA-926x-3r5x-gfhw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z7kv-vrhw-1qad
6
url VCID-zb77-fwdy-dbfy
vulnerability_id VCID-zb77-fwdy-dbfy
summary langchain: path traversal in legacy load_prompt functions in langchain-core
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34070.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34070.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34070
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10901
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34070
2
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
3
reference_url https://github.com/langchain-ai/langchain/commit/27add913474e01e33bededf4096151130ba0d47c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:17:33Z/
url https://github.com/langchain-ai/langchain/commit/27add913474e01e33bededf4096151130ba0d47c
4
reference_url https://github.com/langchain-ai/langchain/releases/tag/langchain-core==1.2.22
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:17:33Z/
url https://github.com/langchain-ai/langchain/releases/tag/langchain-core==1.2.22
5
reference_url https://github.com/langchain-ai/langchain/security/advisories/GHSA-qh6h-p6c9-ff54
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T15:17:33Z/
url https://github.com/langchain-ai/langchain/security/advisories/GHSA-qh6h-p6c9-ff54
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34070
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34070
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2453287
reference_id 2453287
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2453287
8
reference_url https://github.com/advisories/GHSA-qh6h-p6c9-ff54
reference_id GHSA-qh6h-p6c9-ff54
reference_type
scores
url https://github.com/advisories/GHSA-qh6h-p6c9-ff54
fixed_packages
0
url pkg:pypi/langchain-core@1.2.22
purl pkg:pypi/langchain-core@1.2.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-z7kv-vrhw-1qad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@1.2.22
aliases CVE-2026-34070, GHSA-qh6h-p6c9-ff54
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zb77-fwdy-dbfy
Fixing_vulnerabilities
0
url VCID-m5uw-4tqc-3ub8
vulnerability_id VCID-m5uw-4tqc-3ub8
summary LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28088
reference_id
reference_type
scores
0
value 0.13435
scoring_system epss
scoring_elements 0.94338
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28088
1
reference_url https://github.com/langchain-ai/langchain
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain
2
reference_url https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-07T19:36:26Z/
url https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py
3
reference_url https://github.com/langchain-ai/langchain/commit/e1924b3e93d513ca950c72f8e80e1c133749fba5
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/e1924b3e93d513ca950c72f8e80e1c133749fba5
4
reference_url https://github.com/langchain-ai/langchain/pull/18600
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-07T19:36:26Z/
url https://github.com/langchain-ai/langchain/pull/18600
5
reference_url https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-07T19:36:26Z/
url https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain-core/PYSEC-2024-45.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain-core/PYSEC-2024-45.yaml
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-43.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-43.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28088
reference_id CVE-2024-28088
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28088
9
reference_url https://github.com/advisories/GHSA-h59x-p739-982c
reference_id GHSA-h59x-p739-982c
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h59x-p739-982c
fixed_packages
0
url pkg:pypi/langchain-core@0.1.11
purl pkg:pypi/langchain-core@0.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-61vg-ekxn-hqfv
1
vulnerability VCID-8fbt-6heb-uyg1
2
vulnerability VCID-91ur-jaq8-xqcj
3
vulnerability VCID-chue-k3f3-m3b9
4
vulnerability VCID-m5uw-4tqc-3ub8
5
vulnerability VCID-z7kv-vrhw-1qad
6
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.1.11
1
url pkg:pypi/langchain-core@0.1.30
purl pkg:pypi/langchain-core@0.1.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4u9s-4vzv-zfhm
1
vulnerability VCID-61vg-ekxn-hqfv
2
vulnerability VCID-8fbt-6heb-uyg1
3
vulnerability VCID-91ur-jaq8-xqcj
4
vulnerability VCID-chue-k3f3-m3b9
5
vulnerability VCID-z7kv-vrhw-1qad
6
vulnerability VCID-zb77-fwdy-dbfy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.1.30
aliases CVE-2024-28088, GHSA-h59x-p739-982c, PYSEC-2024-43, PYSEC-2024-45
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5uw-4tqc-3ub8
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-core@0.1.11