Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/langchain-community@0.0.19
Typepypi
Namespace
Namelangchain-community
Version0.0.19
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.0.28
Latest_non_vulnerable_version0.3.27
Affected_by_vulnerabilities
0
url VCID-1ukg-d451-87es
vulnerability_id VCID-1ukg-d451-87es
summary A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2828.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2828.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2828
reference_id
reference_type
scores
0
value 0.00171
scoring_system epss
scoring_elements 0.38054
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2828
2
reference_url https://github.com/langchain-ai/langchain/commit/e188d4ecb085d4561a0be3c583d26aa9c2c3283f
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-24T13:32:17Z/
url https://github.com/langchain-ai/langchain/commit/e188d4ecb085d4561a0be3c583d26aa9c2c3283f
3
reference_url https://github.com/langchain-ai/langchain-community
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain-community
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain-community/PYSEC-2025-70.yaml
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain-community/PYSEC-2025-70.yaml
5
reference_url https://huntr.com/bounties/8f771040-7f34-420a-b96b-5b93d4a99afc
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-24T13:32:17Z/
url https://huntr.com/bounties/8f771040-7f34-420a-b96b-5b93d4a99afc
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2828
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2828
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2374398
reference_id 2374398
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2374398
8
reference_url https://github.com/advisories/GHSA-h5gc-rm8j-5gpr
reference_id GHSA-h5gc-rm8j-5gpr
reference_type
scores
url https://github.com/advisories/GHSA-h5gc-rm8j-5gpr
fixed_packages
0
url pkg:pypi/langchain-community@0.0.28
purl pkg:pypi/langchain-community@0.0.28
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-community@0.0.28
aliases CVE-2025-2828, GHSA-h5gc-rm8j-5gpr, PYSEC-2025-70
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ukg-d451-87es
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/langchain-community@0.0.19