VulnerableCode Package Details - pkg:npm/langsmith@0.5.19

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-52gv-vrq8-6fc5	LangSmith SDK: Streaming token events bypass output redaction ## Summary The LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to streaming token events. When an LLM run produces streaming output, each chunk is recorded as a new_token event containing the raw token value. These events bypass the redaction pipeline entirely — prepareRunCreateOrUpdateInputs (JS) and _hide_run_outputs (Python) only process the inputs and outputs fields on a run, never the events array. As a result, applications relying on output redaction to prevent sensitive LLM output from being stored in LangSmith will still leak the full streamed content via run events. ## Details Both JS and Python SDKs are affected. The same pattern exists in both: - JS SDK: `traceable.ts:997-1003` and `traceable.ts:1044-1050` - Python SDK: `run_helpers.py:1924` and `run_helpers.py:1996` In both SDKs, `new_token` events with raw `kwargs.token` values are added during streaming, and the redaction pipeline (`hideOutputs` in JS, `hide_outputs` in Python) only processes `inputs`/`outputs` — never `events`.	CVE-2026-41182 GHSA-rr7j-v2q5-chgv

Vulnerability

Summary

Aliases

VCID-52gv-vrq8-6fc5

LangSmith SDK: Streaming token events bypass output redaction ## Summary The LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to streaming token events. When an LLM run produces streaming output, each chunk is recorded as a new_token event containing the raw token value. These events bypass the redaction pipeline entirely — prepareRunCreateOrUpdateInputs (JS) and _hide_run_outputs (Python) only process the inputs and outputs fields on a run, never the events array. As a result, applications relying on output redaction to prevent sensitive LLM output from being stored in LangSmith will still leak the full streamed content via run events. ## Details **Both JS and Python SDKs are affected.** The same pattern exists in both: - **JS SDK**: `traceable.ts:997-1003` and `traceable.ts:1044-1050` - **Python SDK**: `run_helpers.py:1924` and `run_helpers.py:1996` In both SDKs, `new_token` events with raw `kwargs.token` values are added during streaming, and the redaction pipeline (`hideOutputs` in JS, `hide_outputs` in Python) only processes `inputs`/`outputs` — never `events`.

CVE-2026-41182
GHSA-rr7j-v2q5-chgv

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-07T20:53:44.563803+00:00	GHSA Importer	Fixing	VCID-52gv-vrq8-6fc5	https://github.com/advisories/GHSA-rr7j-v2q5-chgv	38.6.0
2026-06-06T08:08:23.168150+00:00	GitLab Importer	Fixing	VCID-52gv-vrq8-6fc5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/langsmith/GHSA-rr7j-v2q5-chgv.yml	38.6.0
2026-06-06T08:07:24.277658+00:00	GitLab Importer	Fixing	VCID-52gv-vrq8-6fc5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/langsmith/CVE-2026-41182.yml	38.6.0
2026-06-04T16:52:31.274769+00:00	GithubOSV Importer	Fixing	VCID-52gv-vrq8-6fc5	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-rr7j-v2q5-chgv/GHSA-rr7j-v2q5-chgv.json	38.6.0