Package details: pkg:pypi/langchain-core@0.4.0.dev0
purl pkg:pypi/langchain-core@0.4.0.dev0
Next non-vulnerable version 1.2.28
Latest non-vulnerable version 1.3.3
Risk 4.0
Vulnerabilities affecting this package (2)

| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-61vg-ekxn-hqfv (Aliases: CVE-2026-26013, GHSA-2g6r-c272-w58r) | LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages. The `ChatOpenAI.get_num_tokens_from_messages()` method fetches arbitrary `image_url` values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery (SSRF) attacks by providing malicious image URLs in user input. | 1.2.11 (Affected by 2 other vulnerabilities.) |
| VCID-zb77-fwdy-dbfy (Aliases: CVE-2026-34070, GHSA-qh6h-p6c9-ff54) | langchain: path traversal in legacy load_prompt functions in langchain-core | 1.2.22 (Affected by 1 other vulnerability.) |
Vulnerabilities fixed by this package (2)

| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-8fbt-6heb-uyg1 | LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs. A serialization injection vulnerability exists in LangChain's `dumps()` and `dumpd()` functions. The functions do not escape dictionaries with `'lc'` keys when serializing free-form dictionaries. The `'lc'` key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. | CVE-2025-68664, GHSA-c67j-w6g6-q2cm |
| VCID-z7kv-vrhw-1qad | langchain: incomplete f-string validation in prompt templates | CVE-2026-40087, GHSA-926x-3r5x-gfhw |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-06-06T07:50:22.469335+00:00 | GitLab Importer | Fixing | VCID-z7kv-vrhw-1qad | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/langchain-core/CVE-2026-40087.yml | 38.6.0 |
| 2026-06-06T07:37:46.196918+00:00 | GitLab Importer | Affected by | VCID-zb77-fwdy-dbfy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/langchain-core/CVE-2026-34070.yml | 38.6.0 |
| 2026-06-06T06:51:56.538228+00:00 | GitLab Importer | Affected by | VCID-61vg-ekxn-hqfv | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/langchain-core/CVE-2026-26013.yml | 38.6.0 |
| 2026-06-06T06:33:25.690244+00:00 | GitLab Importer | Fixing | VCID-8fbt-6heb-uyg1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/langchain-core/CVE-2025-68664.yml | 38.6.0 |