VulnerableCode Package Details - pkg:pypi/langchain-core@0.0.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/langchain-core@0.0.2

Essentials
History (1)

purl	pkg:pypi/langchain-core@0.0.2

Next non-vulnerable version	0.1.11
Latest non-vulnerable version	1.2.11
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-m5uw-4tqc-3ub8 Aliases: CVE-2024-28088 GHSA-h59x-p739-982c PYSEC-2024-43 PYSEC-2024-45	LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.	0.1.11 Affected by 0 other vulnerabilities. 0.1.30 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-m5uw-4tqc-3ub8
Aliases:
CVE-2024-28088
GHSA-h59x-p739-982c
PYSEC-2024-43
PYSEC-2024-45

LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.

0.1.11
Affected by 0 other vulnerabilities.

0.1.30
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:21:05.943421+00:00	Pypa Importer	Affected by	VCID-m5uw-4tqc-3ub8	https://github.com/pypa/advisory-database/blob/main/vulns/langchain-core/PYSEC-2024-45.yaml	38.6.0