Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/langchain@0.0.26
purl pkg:pypi/langchain@0.0.26
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk
Vulnerabilities affecting this package (15)
Vulnerability Summary Fixed by
VCID-2cuv-kudj-c3cg
Aliases:
CVE-2023-39659
PYSEC-2023-147
An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.
0.0.233
Affected by 10 other vulnerabilities.
VCID-2cyy-g843-9qec
Aliases:
CVE-2023-34541
PYSEC-2023-92
Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.
0.0.247
Affected by 4 other vulnerabilities.
VCID-3ve9-cev3-a7g5
Aliases:
CVE-2023-29374
PYSEC-2023-18
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.
0.0.132
Affected by 14 other vulnerabilities.
VCID-52vp-m7t5-hqas
Aliases:
CVE-2023-39631
PYSEC-2023-162
PYSEC-2023-163
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.
0.0.308
Affected by 3 other vulnerabilities.
VCID-5977-kuku-ebek
Aliases:
CVE-2023-36188
PYSEC-2023-109
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
0.0.247
Affected by 4 other vulnerabilities.
VCID-964p-24u8-yucb
Aliases:
CVE-2024-2965
PYSEC-2024-118
A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.
0.2.5
Affected by 0 other vulnerabilities.
VCID-9d9u-r5kk-6fa4
Aliases:
CVE-2023-38896
PYSEC-2023-146
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.
0.0.195
Affected by 12 other vulnerabilities.
VCID-a2h3-qgax-qbdr
Aliases:
CVE-2023-36258
PYSEC-2023-98
An issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method.
0.0.247
Affected by 4 other vulnerabilities.
VCID-ayhd-z87z-jkbq
Aliases:
CVE-2023-36095
PYSEC-2023-138
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
0.0.236
Affected by 9 other vulnerabilities.
VCID-ctus-n9fc-gqhu
Aliases:
CVE-2023-36189
PYSEC-2023-110
SQL injection vulnerability in langchain v.0.0.64 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.
0.0.247
Affected by 4 other vulnerabilities.
VCID-dv6m-m6rf-4qa9
Aliases:
CVE-2023-36281
PYSEC-2023-151
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via the via the a json file to the load_prompt parameter.
0.0.171
Affected by 13 other vulnerabilities.
VCID-exkd-sryf-e3ad
Aliases:
CVE-2023-38860
PYSEC-2023-145
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.
0.0.247
Affected by 4 other vulnerabilities.
VCID-j2kj-2axx-rqgr
Aliases:
CVE-2023-34540
PYSEC-2023-91
Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.
0.0.225
Affected by 11 other vulnerabilities.
VCID-m5uw-4tqc-3ub8
Aliases:
CVE-2024-28088
PYSEC-2024-43
PYSEC-2024-45
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution.
0.1.11
Affected by 1 other vulnerability.
VCID-mrfe-fcyn-1qg8
Aliases:
CVE-2023-46229
PYSEC-2023-205
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.
0.0.317
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:21:21.850422+00:00 Pypa Importer Affected by VCID-964p-24u8-yucb https://github.com/pypa/advisory-database/blob/main/vulns/langchain/PYSEC-2024-118.yaml 38.6.0
2026-06-02T04:21:04.489654+00:00 Pypa Importer Affected by VCID-m5uw-4tqc-3ub8 https://github.com/pypa/advisory-database/blob/main/vulns/langchain/PYSEC-2024-43.yaml 38.6.0
2026-06-02T04:19:50.800698+00:00 Pypa Importer Affected by VCID-mrfe-fcyn-1qg8 https://github.com/pypa/advisory-database/blob/main/vulns/langchain/PYSEC-2023-205.yaml 38.6.0
2026-06-02T04:19:28.154610+00:00 Pypa Importer Affected by VCID-52vp-m7t5-hqas https://github.com/pypa/advisory-database/blob/main/vulns/langchain/PYSEC-2023-162.yaml 38.6.0
2026-06-02T04:19:22.640172+00:00 Pypa Importer Affected by VCID-dv6m-m6rf-4qa9 https://github.com/pypa/advisory-database/blob/main/vulns/langchain/PYSEC-2023-151.yaml 38.6.0
2026-06-02T04:19:21.464492+00:00 Pypa Importer Affected by VCID-9d9u-r5kk-6fa4 https://github.com/pypa/advisory-database/blob/main/vulns/langchain/PYSEC-2023-146.yaml 38.6.0
2026-06-02T04:19:19.784197+00:00 Pypa Importer Affected by VCID-exkd-sryf-e3ad https://github.com/pypa/advisory-database/blob/main/vulns/langchain/PYSEC-2023-145.yaml 38.6.0
2026-06-02T04:19:18.841869+00:00 Pypa Importer Affected by VCID-2cuv-kudj-c3cg https://github.com/pypa/advisory-database/blob/main/vulns/langchain/PYSEC-2023-147.yaml 38.6.0
2026-06-02T04:19:16.203399+00:00 Pypa Importer Affected by VCID-ayhd-z87z-jkbq https://github.com/pypa/advisory-database/blob/main/vulns/langchain/PYSEC-2023-138.yaml 38.6.0
2026-06-02T04:19:02.304826+00:00 Pypa Importer Affected by VCID-ctus-n9fc-gqhu https://github.com/pypa/advisory-database/blob/main/vulns/langchain/PYSEC-2023-110.yaml 38.6.0
2026-06-02T04:19:01.255381+00:00 Pypa Importer Affected by VCID-5977-kuku-ebek https://github.com/pypa/advisory-database/blob/main/vulns/langchain/PYSEC-2023-109.yaml 38.6.0
2026-06-02T04:18:59.302325+00:00 Pypa Importer Affected by VCID-a2h3-qgax-qbdr https://github.com/pypa/advisory-database/blob/main/vulns/langchain/PYSEC-2023-98.yaml 38.6.0
2026-06-02T04:18:55.938749+00:00 Pypa Importer Affected by VCID-2cyy-g843-9qec https://github.com/pypa/advisory-database/blob/main/vulns/langchain/PYSEC-2023-92.yaml 38.6.0
2026-06-02T04:18:54.795633+00:00 Pypa Importer Affected by VCID-j2kj-2axx-rqgr https://github.com/pypa/advisory-database/blob/main/vulns/langchain/PYSEC-2023-91.yaml 38.6.0
2026-06-02T04:18:35.369824+00:00 Pypa Importer Affected by VCID-3ve9-cev3-a7g5 https://github.com/pypa/advisory-database/blob/main/vulns/langchain/PYSEC-2023-18.yaml 38.6.0