Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/langgraph@0.2.72
Type pypi
Namespace
Name langgraph
Version 0.2.72
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.0.10rc1
Latest_non_vulnerable_version 1.0.10
Affected_by_vulnerabilities
0
url VCID-gdkd-a1hh-7bek
vulnerability_id VCID-gdkd-a1hh-7bek
summary LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msgpack-encoded checkpoints that reconstruct Python objects during deserialization. If an attacker can modify checkpoint data in the backing store (for example, after a database compromise or other privileged write access to the persistence layer), they can potentially supply a crafted payload that triggers unsafe object reconstruction when the checkpoint is loaded. No known patch is public.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28277
reference_id
reference_type
scores
0
value 0.00332
scoring_system epss
scoring_elements 0.56315
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28277
1
reference_url https://github.com/langchain-ai/langgraph
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langgraph
2
reference_url https://github.com/langchain-ai/langgraph/security/advisories/GHSA-g48c-2wqr-h844
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:04:22Z/
url https://github.com/langchain-ai/langgraph/security/advisories/GHSA-g48c-2wqr-h844
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28277
reference_id CVE-2026-28277
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28277
4
reference_url https://github.com/advisories/GHSA-g48c-2wqr-h844
reference_id GHSA-g48c-2wqr-h844
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g48c-2wqr-h844
fixed_packages
0
url pkg:pypi/langgraph@1.0.10rc1
purl pkg:pypi/langgraph@1.0.10rc1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langgraph@1.0.10rc1
1
url pkg:pypi/langgraph@1.0.10
purl pkg:pypi/langgraph@1.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langgraph@1.0.10
aliases CVE-2026-28277, GHSA-g48c-2wqr-h844, PYSEC-2026-83
risk_score 3.2
exploitability 0.5
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdkd-a1hh-7bek
Fixing_vulnerabilities
Risk_score 3.2
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langgraph@0.2.72