Look up vulnerable packages by Package URL.

Purl pkg:pypi/langgraph-checkpoint-sqlite@2.0.10
Type pypi
Namespace
Name langgraph-checkpoint-sqlite
Version 2.0.10
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.0.1
Latest_non_vulnerable_version 3.0.1
Affected_by_vulnerabilities
0
url VCID-1vr9-u3zr-17dz
vulnerability_id VCID-1vr9-u3zr-17dz
summary LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through metadata filter keys, affecting applications that accept untrusted metadata filter keys (not just filter values) in checkpoint search operations. The _metadata_predicate() function constructs SQL queries by interpolating filter keys directly into f-strings without validation. This issue is fixed in version 3.0.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67644
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06558
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67644
1
reference_url https://github.com/langchain-ai/langgraph
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langgraph
2
reference_url https://github.com/langchain-ai/langgraph/commit/297242913f8ad2143ee3e2f72e67db0911d48e2a
reference_id 297242913f8ad2143ee3e2f72e67db0911d48e2a
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-11T15:35:51Z/
url https://github.com/langchain-ai/langgraph/commit/297242913f8ad2143ee3e2f72e67db0911d48e2a
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67644
reference_id CVE-2025-67644
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67644
4
reference_url https://github.com/advisories/GHSA-9rwj-6rc7-p77c
reference_id GHSA-9rwj-6rc7-p77c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9rwj-6rc7-p77c
5
reference_url https://github.com/langchain-ai/langgraph/security/advisories/GHSA-9rwj-6rc7-p77c
reference_id GHSA-9rwj-6rc7-p77c
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-11T15:35:51Z/
url https://github.com/langchain-ai/langgraph/security/advisories/GHSA-9rwj-6rc7-p77c
fixed_packages
0
url pkg:pypi/langgraph-checkpoint-sqlite@3.0.1
purl pkg:pypi/langgraph-checkpoint-sqlite@3.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langgraph-checkpoint-sqlite@3.0.1
aliases CVE-2025-67644, GHSA-9rwj-6rc7-p77c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1vr9-u3zr-17dz
1
url VCID-jza8-b2m9-2ycr
vulnerability_id VCID-jza8-b2m9-2ycr
summary LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. This vulnerability is fixed in 2.0.11.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64104
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.12009
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64104
1
reference_url https://github.com/langchain-ai/langgraph
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langgraph
2
reference_url https://github.com/langchain-ai/langgraph/commit/bc9d45b476101e441cb1cc602dea03eb29232de4
reference_id bc9d45b476101e441cb1cc602dea03eb29232de4
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-30T15:33:02Z/
url https://github.com/langchain-ai/langgraph/commit/bc9d45b476101e441cb1cc602dea03eb29232de4
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64104
reference_id CVE-2025-64104
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64104
4
reference_url https://github.com/advisories/GHSA-7p73-8jqx-23r8
reference_id GHSA-7p73-8jqx-23r8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7p73-8jqx-23r8
5
reference_url https://github.com/langchain-ai/langgraph/security/advisories/GHSA-7p73-8jqx-23r8
reference_id GHSA-7p73-8jqx-23r8
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-30T15:33:02Z/
url https://github.com/langchain-ai/langgraph/security/advisories/GHSA-7p73-8jqx-23r8
fixed_packages
0
url pkg:pypi/langgraph-checkpoint-sqlite@2.0.11
purl pkg:pypi/langgraph-checkpoint-sqlite@2.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vr9-u3zr-17dz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langgraph-checkpoint-sqlite@2.0.11
aliases CVE-2025-64104, GHSA-7p73-8jqx-23r8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jza8-b2m9-2ycr
2
url VCID-reve-vr7e-7ufb
vulnerability_id VCID-reve-vr7e-7ufb
summary A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators ($eq, $ne, $gt, $lt, $gte, $lte) where direct string concatenation is used without proper parameterization. This allows attackers to inject arbitrary SQL, leading to unauthorized access to all documents, data exfiltration of sensitive fields such as passwords and API keys, and a complete bypass of application-level security filters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8709.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8709.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-8709
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04901
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-8709
2
reference_url https://github.com/langchain-ai/langgraph
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langgraph
3
reference_url https://github.com/langchain-ai/langgraph/pull/5666
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langgraph/pull/5666
4
reference_url https://github.com/langchain-ai/langgraph/releases/tag/checkpointsqlite%3D%3D2.0.11
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langgraph/releases/tag/checkpointsqlite%3D%3D2.0.11
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406382
reference_id 2406382
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2406382
6
reference_url https://huntr.com/bounties/9793f4b3-76f8-44a4-989f-49a2177ee118
reference_id 9793f4b3-76f8-44a4-989f-49a2177ee118
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T14:32:35Z/
url https://huntr.com/bounties/9793f4b3-76f8-44a4-989f-49a2177ee118
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-8709
reference_id CVE-2025-8709
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-8709
8
reference_url https://github.com/advisories/GHSA-4h97-wpxp-3757
reference_id GHSA-4h97-wpxp-3757
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4h97-wpxp-3757
fixed_packages
0
url pkg:pypi/langgraph-checkpoint-sqlite@2.0.11
purl pkg:pypi/langgraph-checkpoint-sqlite@2.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vr9-u3zr-17dz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langgraph-checkpoint-sqlite@2.0.11
aliases CVE-2025-8709, GHSA-4h97-wpxp-3757
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-reve-vr7e-7ufb
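The three records above describe one bug class in two places: filter keys interpolated into f-strings in the metadata predicate (VCID-1vr9-u3zr-17dz, CVE-2025-67644) and filter operators/values concatenated into the query instead of being bound (VCID-jza8-b2m9-2ycr, CVE-2025-64104; VCID-reve-vr7e-7ufb, CVE-2025-8709). The following is an added illustration, not code from langgraph-checkpoint-sqlite or from the advisories: the table layout, the function names, the `$eq`/`$gt`-style operator set and the exact way keys and values reach the SQL text are assumptions chosen to mirror the summaries. It puts a deliberately vulnerable predicate builder beside a hardened one and runs both against constructed sample rows, showing how an injected key or value defeats an application-level tenant filter.

```python
"""Metadata-filter predicate builders for a SQLite checkpoint table:
a deliberately vulnerable one beside a hardened one.

Added illustration, not langgraph-checkpoint-sqlite source. Table layout,
function names and the quoting of concatenated values are assumptions.
Requires an SQLite build with JSON support (json_extract).
"""
import json
import re
import sqlite3

# Operator allowlist shared by both builders; only the hardened one enforces it.
OPERATORS = {"$eq": "=", "$ne": "!=", "$gt": ">", "$lt": "<", "$gte": ">=", "$lte": "<="}
# Metadata keys are caller-chosen, so constrain them to a plain identifier shape.
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def setup_db() -> sqlite3.Connection:
    """Constructed sample data: checkpoints for two tenants, each carrying a secret."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE checkpoints (thread_id TEXT PRIMARY KEY, metadata TEXT)")
    conn.executemany(
        "INSERT INTO checkpoints VALUES (?, ?)",
        [
            ("t-1", json.dumps({"tenant": "alice", "step": 1, "api_key": "ak-alice"})),
            ("t-2", json.dumps({"tenant": "bob", "step": 3, "api_key": "ak-bob"})),
            ("t-3", json.dumps({"tenant": "alice", "step": 7, "api_key": "ak-alice"})),
        ],
    )
    return conn


def vulnerable_predicate(filter_: dict) -> tuple[str, list]:
    """The bug class from the advisories: key, operator and value all land in the SQL text."""
    clauses = []
    for key, cond in filter_.items():
        ops = cond if isinstance(cond, dict) else {"$eq": cond}
        for op, value in ops.items():
            sql_op = OPERATORS.get(op, "=")
            # Key is interpolated unvalidated; value is concatenated with assumed quoting.
            clauses.append(f"json_extract(metadata, '$.{key}') {sql_op} '{value}'")
    return " AND ".join(clauses) or "1", []


def hardened_predicate(filter_: dict) -> tuple[str, list]:
    """Keys validated against an identifier pattern, operators allowlisted, values bound."""
    clauses, params = [], []
    for key, cond in filter_.items():
        if not isinstance(key, str) or not IDENT.fullmatch(key):
            raise ValueError(f"rejected metadata filter key: {key!r}")
        ops = cond if isinstance(cond, dict) else {"$eq": cond}
        for op, value in ops.items():
            if op not in OPERATORS:
                raise ValueError(f"unsupported filter operator: {op!r}")
            clauses.append(f"json_extract(metadata, '$.{key}') {OPERATORS[op]} ?")
            params.append(value)
    return " AND ".join(clauses) or "1", params


def search(conn, tenant: str, user_filter: dict, build_predicate) -> list[str]:
    """Application-level scoping: a caller must only ever see its own tenant's rows."""
    where, params = build_predicate(user_filter)
    sql = ("SELECT thread_id FROM checkpoints "
           "WHERE json_extract(metadata, '$.tenant') = ? AND " + where)
    return sorted(row[0] for row in conn.execute(sql, [tenant, *params]))


# Constructed attacker inputs. Both target the tenant scope: AND binds tighter than OR,
# so an injected "OR 1=1" turns the whole WHERE clause into a tautology.
KEY_INJECTION = {"step') = 0 OR 1=1 OR ('1": "x"}       # payload in the filter key
VALUE_INJECTION = {"step": {"$eq": "0' OR 1=1 --"}}       # payload in the concatenated value


def demo() -> dict:
    conn = setup_db()
    out = {
        "vulnerable_key_injection": search(conn, "alice", KEY_INJECTION, vulnerable_predicate),
        "vulnerable_value_injection": search(conn, "alice", VALUE_INJECTION, vulnerable_predicate),
        "hardened_legit": search(conn, "alice", {"step": {"$gte": 3}}, hardened_predicate),
        # Bound as a parameter, the payload is just a string that matches no integer step.
        "hardened_value_injection": search(conn, "alice", VALUE_INJECTION, hardened_predicate),
    }
    try:
        search(conn, "alice", KEY_INJECTION, hardened_predicate)
        out["hardened_key_injection"] = "accepted"
    except ValueError:
        out["hardened_key_injection"] = "rejected"
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:28} {result}")
```

Both vulnerable calls return every tenant's rows (and with them the `api_key` fields), which is the "bypass of application-level security filters" the CVE-2025-8709 summary describes. The hardened builder rejects the malformed key outright and neutralizes the value payload by binding it; when the set of searchable metadata keys is known in advance, an explicit allowlist is stricter than the identifier pattern used here.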
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langgraph-checkpoint-sqlite@2.0.10
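The practical point of this record is that 2.0.11, the fixed package listed for CVE-2025-64104 and CVE-2025-8709, is itself marked `is_vulnerable true` because VCID-1vr9-u3zr-17dz (CVE-2025-67644) still affects it; the clean target is 3.0.1. The following added example (not VulnerableCode's or LangGraph's code) parses a Package URL into the fields shown at the top of this page and decides, from the three fixed versions recorded here, which advisories affect a given release and which release clears all of them. It assumes each advisory affects every release below its fixed version (the page lists fixed packages, not lower bounds), that versions are plain dotted integers (PEP 440 pre-release tags are not handled), and that these three records are the complete set for the package.

```python
"""Package URL parser plus a fixed-version check built from this page's records.

Added example, not VulnerableCode or LangGraph code. Assumes lower-unbounded
affected ranges, plain dotted versions, and that the three records here are
complete for langgraph-checkpoint-sqlite.
"""
import re
from importlib import metadata
from typing import Optional

PACKAGE = "langgraph-checkpoint-sqlite"

# Fixed versions from the fixed_packages entries above, keyed by VulnerableCode id.
FIXED_IN = {
    "VCID-jza8-b2m9-2ycr": ("2.0.11", "CVE-2025-64104"),
    "VCID-reve-vr7e-7ufb": ("2.0.11", "CVE-2025-8709"),
    "VCID-1vr9-u3zr-17dz": ("3.0.1", "CVE-2025-67644"),
}

# pkg:type/namespace/name@version?qualifiers#subpath; namespace, version,
# qualifiers and subpath are optional, matching the fields the lookup displays.
PURL_RE = re.compile(
    r"^pkg:(?P<type>[^/]+)/(?:(?P<namespace>[^@?#]+)/)?(?P<name>[^/@?#]+)"
    r"(?:@(?P<version>[^?#]+))?(?:\?(?P<qualifiers>[^#]+))?(?:#(?P<subpath>.+))?$"
)


def parse_purl(purl: str) -> dict:
    m = PURL_RE.match(purl)
    if not m:
        raise ValueError(f"not a Package URL: {purl!r}")
    parts = m.groupdict()
    q = parts["qualifiers"]
    parts["qualifiers"] = dict(item.split("=", 1) for item in q.split("&")) if q else {}
    return parts


def parse_version(version: str) -> tuple[int, ...]:
    """Release segments only; this page's versions have no pre/post/dev tags."""
    return tuple(int(p) for p in version.split("."))


def affecting(version: str) -> list[str]:
    """Advisories whose fixed version lies above the given release."""
    v = parse_version(version)
    return [f"{vcid} ({cve})" for vcid, (fixed, cve) in FIXED_IN.items()
            if v < parse_version(fixed)]


def next_non_vulnerable(version: str) -> Optional[str]:
    """Lowest release at or above every fixed version still ahead of this one, or None."""
    v = parse_version(version)
    pending = [parse_version(f) for f, _ in FIXED_IN.values() if parse_version(f) > v]
    return ".".join(map(str, max(pending))) if pending else None


def check_purl(purl: str) -> dict:
    p = parse_purl(purl)
    if p["type"] != "pypi" or p["name"] != PACKAGE or not p["version"]:
        raise ValueError("this check only covers versioned pkg:pypi purls for " + PACKAGE)
    return {
        "version": p["version"],
        "affected_by": affecting(p["version"]),
        "next_non_vulnerable_version": next_non_vulnerable(p["version"]),
    }


def check_installed() -> Optional[dict]:
    """Same check against whatever is installed in the current environment, if anything."""
    try:
        installed = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return None
    return check_purl(f"pkg:pypi/{PACKAGE}@{installed}")


if __name__ == "__main__":
    for v in ("2.0.10", "2.0.11", "3.0.1"):
        print(v, check_purl(f"pkg:pypi/{PACKAGE}@{v}"))
    print("installed:", check_installed())
```

For 2.0.10 the check reproduces the page's `Next_non_vulnerable_version 3.0.1`; for 2.0.11 it still reports CVE-2025-67644, so a dependency bump that stops at the first fix version leaves the metadata-key injection in place. The result is only as complete as the records it is built from, so re-run it against a fresh lookup rather than a pinned copy of these three entries.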