Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/44749?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/44749?format=api", "purl": "pkg:pypi/langchain-community@0.0.19", "type": "pypi", "namespace": "", "name": "langchain-community", "version": "0.0.19", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.3.27", "latest_non_vulnerable_version": "0.3.27", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9424?format=api", "vulnerability_id": "VCID-1ukg-d451-87es", "summary": "A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2828.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2828.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2828", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.38054", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2828" }, { "reference_url": "https://github.com/langchain-ai/langchain/commit/e188d4ecb085d4561a0be3c583d26aa9c2c3283f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-24T13:32:17Z/" } ], "url": "https://github.com/langchain-ai/langchain/commit/e188d4ecb085d4561a0be3c583d26aa9c2c3283f" }, { "reference_url": "https://github.com/langchain-ai/langchain-community", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/langchain-ai/langchain-community" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/langchain-community/PYSEC-2025-70.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/langchain-community/PYSEC-2025-70.yaml" }, { "reference_url": "https://huntr.com/bounties/8f771040-7f34-420a-b96b-5b93d4a99afc", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-24T13:32:17Z/" } ], "url": "https://huntr.com/bounties/8f771040-7f34-420a-b96b-5b93d4a99afc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2828", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2828" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374398", "reference_id": "2374398", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374398" }, { "reference_url": "https://github.com/advisories/GHSA-h5gc-rm8j-5gpr", "reference_id": "GHSA-h5gc-rm8j-5gpr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h5gc-rm8j-5gpr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/44758?format=api", "purl": "pkg:pypi/langchain-community@0.0.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5krq-jq7s-s3fw" }, { "vulnerability": "VCID-pwsw-h1a3-8bej" }, { "vulnerability": "VCID-rrk5-8kzj-jbcm" }, { "vulnerability": "VCID-tdjv-kb97-eqf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-community@0.0.28" } ], "aliases": [ "CVE-2025-2828", "GHSA-h5gc-rm8j-5gpr", "PYSEC-2025-70" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ukg-d451-87es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/274030?format=api", "vulnerability_id": "VCID-5krq-jq7s-s3fw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5998", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25553", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-5998" }, { "reference_url": "https://github.com/langchain-ai/langchain", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/langchain-ai/langchain" }, { "reference_url": "https://github.com/langchain-ai/langchain/commit/604dfe2d99246b0c09f047c604f0c63eafba31e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:28:59Z/" } ], "url": "https://github.com/langchain-ai/langchain/commit/604dfe2d99246b0c09f047c604f0c63eafba31e7" }, { "reference_url": "https://github.com/langchain-ai/langchain/commit/77209f315efd13442ec51c67719ba37dfaa44511", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/langchain-ai/langchain/commit/77209f315efd13442ec51c67719ba37dfaa44511" }, { "reference_url": "https://huntr.com/bounties/fa3a2753-57c3-4e08-a176-d7a3ffda28fe", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:28:59Z/" } ], "url": "https://huntr.com/bounties/fa3a2753-57c3-4e08-a176-d7a3ffda28fe" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5998", "reference_id": "CVE-2024-5998", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5998" }, { "reference_url": "https://github.com/advisories/GHSA-f2jm-rw3h-6phg", "reference_id": "GHSA-f2jm-rw3h-6phg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f2jm-rw3h-6phg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42675?format=api", "purl": "pkg:pypi/langchain-community@0.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdw2-3cca-p3cw" }, { "vulnerability": "VCID-rrk5-8kzj-jbcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-community@0.2.4" } ], "aliases": [ "CVE-2024-5998", "GHSA-f2jm-rw3h-6phg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5krq-jq7s-s3fw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/259955?format=api", "vulnerability_id": "VCID-pwsw-h1a3-8bej", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3095", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.36956", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3095" }, { "reference_url": "https://github.com/langchain-ai/langchain", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/langchain-ai/langchain" }, { "reference_url": "https://github.com/langchain-ai/langchain/commit/604dfe2d99246b0c09f047c604f0c63eafba31e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/langchain-ai/langchain/commit/604dfe2d99246b0c09f047c604f0c63eafba31e7" }, { "reference_url": "https://github.com/langchain-ai/langchain/pull/24451", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/langchain-ai/langchain/pull/24451" }, { "reference_url": "https://github.com/langchain-ai/langchain/releases/tag/langchain-community%3D%3D0.2.9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/langchain-ai/langchain/releases/tag/langchain-community%3D%3D0.2.9" }, { "reference_url": "https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T18:54:30Z/" } ], "url": "https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3095", "reference_id": "CVE-2024-3095", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3095" }, { "reference_url": "https://github.com/advisories/GHSA-q25c-c977-4cmh", "reference_id": "GHSA-q25c-c977-4cmh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q25c-c977-4cmh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42679?format=api", "purl": "pkg:pypi/langchain-community@0.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdw2-3cca-p3cw" }, { "vulnerability": "VCID-rrk5-8kzj-jbcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-community@0.2.9" } ], "aliases": [ "CVE-2024-3095", "GHSA-q25c-c977-4cmh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pwsw-h1a3-8bej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/316020?format=api", "vulnerability_id": "VCID-rrk5-8kzj-jbcm", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6984.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6984.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01922", "scoring_system": "epss", "scoring_elements": "0.83666", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6984" }, { "reference_url": "https://github.com/langchain-ai/langchain/blob/d79b5813a0b3b243c612b77013768995e46c4337/libs/langchain/langchain/document_loaders/evernote.py#L1-L23", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/langchain-ai/langchain/blob/d79b5813a0b3b243c612b77013768995e46c4337/libs/langchain/langchain/document_loaders/evernote.py#L1-L23" }, { "reference_url": "https://github.com/langchain-ai/langchain-community", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/langchain-ai/langchain-community" }, { "reference_url": "https://github.com/langchain-ai/langchain-community/commit/e842452108089524e22c3a2ced851c021884556f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/langchain-ai/langchain-community/commit/e842452108089524e22c3a2ced851c021884556f" }, { "reference_url": "https://huntr.com/bounties/a6b521cf-258c-41c0-9edb-d8ef976abb2a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T20:07:23Z/" } ], "url": "https://huntr.com/bounties/a6b521cf-258c-41c0-9edb-d8ef976abb2a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6984", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6984" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393073", "reference_id": "2393073", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393073" }, { "reference_url": "https://github.com/advisories/GHSA-pc6w-59fv-rh23", "reference_id": "GHSA-pc6w-59fv-rh23", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pc6w-59fv-rh23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16514", "reference_id": "RHSA-2025:16514", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16514" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193506?format=api", "purl": "pkg:pypi/langchain-community@0.3.27", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-community@0.3.27" } ], "aliases": [ "CVE-2025-6984", "GHSA-pc6w-59fv-rh23" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rrk5-8kzj-jbcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9136?format=api", "vulnerability_id": "VCID-tdjv-kb97-eqf1", "summary": "A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2965.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2965.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11733", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2965" }, { "reference_url": "https://github.com/langchain-ai/langchain", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/langchain-ai/langchain" }, { "reference_url": "https://github.com/langchain-ai/langchain/commit/73c42306745b0831aa6fe7fe4eeb70d2c2d87a82", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T13:30:27Z/" } ], "url": "https://github.com/langchain-ai/langchain/commit/73c42306745b0831aa6fe7fe4eeb70d2c2d87a82" }, { "reference_url": "https://github.com/langchain-ai/langchain/commit/9a877c7adbd06f90a2518152f65b562bd90487cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/langchain-ai/langchain/commit/9a877c7adbd06f90a2518152f65b562bd90487cc" }, { "reference_url": "https://github.com/langchain-ai/langchain/pull/22903", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/langchain-ai/langchain/pull/22903" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-118.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-118.yaml" }, { "reference_url": "https://huntr.com/bounties/90b0776d-9fa6-4841-aac4-09fde5918cae", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T13:30:27Z/" } ], "url": "https://huntr.com/bounties/90b0776d-9fa6-4841-aac4-09fde5918cae" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373306", "reference_id": "2373306", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373306" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2965", "reference_id": "CVE-2024-2965", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2965" }, { "reference_url": "https://github.com/advisories/GHSA-3hjh-jh2h-vrg6", "reference_id": "GHSA-3hjh-jh2h-vrg6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3hjh-jh2h-vrg6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42676?format=api", "purl": "pkg:pypi/langchain-community@0.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdw2-3cca-p3cw" }, { "vulnerability": "VCID-rrk5-8kzj-jbcm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-community@0.2.5" } ], "aliases": [ "CVE-2024-2965", "GHSA-3hjh-jh2h-vrg6", "PYSEC-2024-118" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tdjv-kb97-eqf1" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-community@0.0.19" }