Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/langgraph@0.2.11

Type pypi

Namespace

Name langgraph

Version 0.2.11

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.0.10rc1

Latest_non_vulnerable_version 1.0.10

Affected_by_vulnerabilities

url VCID-76v7-1391-xqbn

vulnerability_id VCID-76v7-1391-xqbn

summary LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store (for example, after a database compromise or other privileged write access to the persistence layer), they can potentially supply a crafted payload that triggers unsafe object reconstruction when the checkpoint is loaded. No known patch is public.

references

reference_url	https://github.com/langchain-ai/langgraph
reference_id
reference_type
scores
url	https://github.com/langchain-ai/langgraph

reference_url

https://github.com/langchain-ai/langgraph/security/advisories/GHSA-g48c-2wqr-h844

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/langchain-ai/langgraph/security/advisories/GHSA-g48c-2wqr-h844

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2026-28277
reference_id	CVE-2026-28277
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2026-28277

reference_url	https://github.com/advisories/GHSA-g48c-2wqr-h844
reference_id	GHSA-g48c-2wqr-h844
reference_type
scores
url	https://github.com/advisories/GHSA-g48c-2wqr-h844

fixed_packages

url	pkg:pypi/langgraph@1.0.10rc1
purl	pkg:pypi/langgraph@1.0.10rc1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/langgraph@1.0.10rc1

url	pkg:pypi/langgraph@1.0.10
purl	pkg:pypi/langgraph@1.0.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/langgraph@1.0.10

aliases CVE-2026-28277, GHSA-g48c-2wqr-h844, PYSEC-2026-83

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-76v7-1391-xqbn

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langgraph@0.2.11

Package Instance