{"url":"http://public2.vulnerablecode.io/api/packages/34758?format=json","purl":"pkg:pypi/langgraph-checkpoint-sqlite@2.0.10","type":"pypi","namespace":"","name":"langgraph-checkpoint-sqlite","version":"2.0.10","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.0.1","latest_non_vulnerable_version":"3.0.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109158?format=json","vulnerability_id":"VCID-1vr9-u3zr-17dz","summary":"LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through metadata filter keys, affecting applications that accept untrusted metadata filter keys (not just filter values) in checkpoint search operations. The _metadata_predicate() function constructs SQL queries by interpolating filter keys directly into f-strings without validation. This issue is fixed in version 3.0.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67644","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06558","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67644"},{"reference_url":"https://github.com/langchain-ai/langgraph","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/langchain-ai/langgraph"},{"reference_url":"https://github.com/langchain-ai/langgraph/commit/297242913f8ad2143ee3e2f72e67db0911d48e2a","reference_id":"297242913f8ad2143ee3e2f72e67db0911d48e2a","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-11T15:35:51Z/"}],"url":"https://github.com/langchain-ai/langgraph/commit/297242913f8ad2143ee3e2f72e67db0911d48e2a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67644","reference_id":"CVE-2025-67644","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67644"},{"reference_url":"https://github.com/advisories/GHSA-9rwj-6rc7-p77c","reference_id":"GHSA-9rwj-6rc7-p77c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9rwj-6rc7-p77c"},{"reference_url":"https://github.com/langchain-ai/langgraph/security/advisories/GHSA-9rwj-6rc7-p77c","reference_id":"GHSA-9rwj-6rc7-p77c","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-11T15:35:51Z/"}],"url":"https://github.com/langchain-ai/langgraph/security/advisories/GHSA-9rwj-6rc7-p77c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35985?format=json","purl":"pkg:pypi/langgraph-checkpoint-sqlite@3.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langgraph-checkpoint-sqlite@3.0.1"}],"aliases":["CVE-2025-67644","GHSA-9rwj-6rc7-p77c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vr9-u3zr-17dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90689?format=json","vulnerability_id":"VCID-jza8-b2m9-2ycr","summary":"LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. This vulnerability is fixed in 2.0.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64104","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12009","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64104"},{"reference_url":"https://github.com/langchain-ai/langgraph","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/langchain-ai/langgraph"},{"reference_url":"https://github.com/langchain-ai/langgraph/commit/bc9d45b476101e441cb1cc602dea03eb29232de4","reference_id":"bc9d45b476101e441cb1cc602dea03eb29232de4","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-30T15:33:02Z/"}],"url":"https://github.com/langchain-ai/langgraph/commit/bc9d45b476101e441cb1cc602dea03eb29232de4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64104","reference_id":"CVE-2025-64104","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64104"},{"reference_url":"https://github.com/advisories/GHSA-7p73-8jqx-23r8","reference_id":"GHSA-7p73-8jqx-23r8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7p73-8jqx-23r8"},{"reference_url":"https://github.com/langchain-ai/langgraph/security/advisories/GHSA-7p73-8jqx-23r8","reference_id":"GHSA-7p73-8jqx-23r8","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-30T15:33:02Z/"}],"url":"https://github.com/langchain-ai/langgraph/security/advisories/GHSA-7p73-8jqx-23r8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34759?format=json","purl":"pkg:pypi/langgraph-checkpoint-sqlite@2.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vr9-u3zr-17dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langgraph-checkpoint-sqlite@2.0.11"}],"aliases":["CVE-2025-64104","GHSA-7p73-8jqx-23r8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jza8-b2m9-2ycr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92330?format=json","vulnerability_id":"VCID-reve-vr7e-7ufb","summary":"A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators ($eq, $ne, $gt, $lt, $gte, $lte) where direct string concatenation is used without proper parameterization. This allows attackers to inject arbitrary SQL, leading to unauthorized access to all documents, data exfiltration of sensitive fields such as passwords and API keys, and a complete bypass of application-level security filters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8709.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8709.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8709","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04901","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8709"},{"reference_url":"https://github.com/langchain-ai/langgraph","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/langchain-ai/langgraph"},{"reference_url":"https://github.com/langchain-ai/langgraph/pull/5666","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/langchain-ai/langgraph/pull/5666"},{"reference_url":"https://github.com/langchain-ai/langgraph/releases/tag/checkpointsqlite%3D%3D2.0.11","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/langchain-ai/langgraph/releases/tag/checkpointsqlite%3D%3D2.0.11"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406382","reference_id":"2406382","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406382"},{"reference_url":"https://huntr.com/bounties/9793f4b3-76f8-44a4-989f-49a2177ee118","reference_id":"9793f4b3-76f8-44a4-989f-49a2177ee118","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T14:32:35Z/"}],"url":"https://huntr.com/bounties/9793f4b3-76f8-44a4-989f-49a2177ee118"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8709","reference_id":"CVE-2025-8709","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8709"},{"reference_url":"https://github.com/advisories/GHSA-4h97-wpxp-3757","reference_id":"GHSA-4h97-wpxp-3757","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4h97-wpxp-3757"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34759?format=json","purl":"pkg:pypi/langgraph-checkpoint-sqlite@2.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vr9-u3zr-17dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langgraph-checkpoint-sqlite@2.0.11"}],"aliases":["CVE-2025-8709","GHSA-4h97-wpxp-3757"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-reve-vr7e-7ufb"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langgraph-checkpoint-sqlite@2.0.10"}