Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/langchain@0.0.45
Type pypi
Namespace
Name langchain
Version 0.0.45
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.3.30
Latest_non_vulnerable_version 0.3.30
Affected_by_vulnerabilities
0
url VCID-1618-rc62-rke9
vulnerability_id VCID-1618-rc62-rke9
summary An issue in langchain (langchain-ai) v0.0.232 and earlier allows a remote attacker to execute arbitrary code via a crafted script passed to the PythonAstREPLTool._run component.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39659
reference_id
reference_type
scores
0
value 0.0161
scoring_system epss
scoring_elements 0.82173
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39659
1
reference_url https://github.com/advisories/GHSA-prgp-w7vf-ch62
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-prgp-w7vf-ch62
2
reference_url https://github.com/langchain-ai/langchain/commit/cadfce295f8a33828fc635c2e5ea28b883e5c992
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/cadfce295f8a33828fc635c2e5ea28b883e5c992
3
reference_url https://github.com/langchain-ai/langchain/pull/12427
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/12427
4
reference_url https://github.com/langchain-ai/langchain/releases/tag/v0.0.325
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/releases/tag/v0.0.325
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-147.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-147.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39659
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39659
7
reference_url https://github.com/langchain-ai/langchain/pull/5640
reference_id 5640
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-08T20:27:51Z/
url https://github.com/langchain-ai/langchain/pull/5640
8
reference_url https://github.com/langchain-ai/langchain/issues/7700
reference_id 7700
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-08T20:27:51Z/
url https://github.com/langchain-ai/langchain/issues/7700
fixed_packages
0
url pkg:pypi/langchain@0.0.233
purl pkg:pypi/langchain@0.0.233
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1618-rc62-rke9
1
vulnerability VCID-2rhm-rh9f-13b7
2
vulnerability VCID-449d-vdfh-x7fd
3
vulnerability VCID-8jk9-a8mt-mke3
4
vulnerability VCID-9879-hp1u-47ds
5
vulnerability VCID-9jxh-pfnm-w7gk
6
vulnerability VCID-9yh8-14yh-abhr
7
vulnerability VCID-cx6s-pyn2-cqcj
8
vulnerability VCID-d5qc-zvmu-rkde
9
vulnerability VCID-dg53-vte1-zyfy
10
vulnerability VCID-enm9-kr4g-hbbz
11
vulnerability VCID-h3je-vmhg-x7bv
12
vulnerability VCID-hxnj-z9jr-kue7
13
vulnerability VCID-jpa5-z25b-u3d3
14
vulnerability VCID-n4zy-w2mg-f3hx
15
vulnerability VCID-qvyx-jcxw-sbdh
16
vulnerability VCID-s4wf-9m6c-8yay
17
vulnerability VCID-tvj5-fy4j-yqar
18
vulnerability VCID-uhwf-4hp8-63gv
19
vulnerability VCID-vrea-ew6n-vyf9
20
vulnerability VCID-zh5c-9jvd-jfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.233
1
url pkg:pypi/langchain@0.0.325
purl pkg:pypi/langchain@0.0.325
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhm-rh9f-13b7
1
vulnerability VCID-449d-vdfh-x7fd
2
vulnerability VCID-9879-hp1u-47ds
3
vulnerability VCID-9jxh-pfnm-w7gk
4
vulnerability VCID-cx6s-pyn2-cqcj
5
vulnerability VCID-d5qc-zvmu-rkde
6
vulnerability VCID-enm9-kr4g-hbbz
7
vulnerability VCID-hxnj-z9jr-kue7
8
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.325
aliases CVE-2023-39659, GHSA-prgp-w7vf-ch62, PYSEC-2023-147
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1618-rc62-rke9
1
url VCID-2rhm-rh9f-13b7
vulnerability_id VCID-2rhm-rh9f-13b7
summary LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28088
reference_id
reference_type
scores
0
value 0.13435
scoring_system epss
scoring_elements 0.94359
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28088
1
reference_url https://github.com/langchain-ai/langchain/commit/e1924b3e93d513ca950c72f8e80e1c133749fba5
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/e1924b3e93d513ca950c72f8e80e1c133749fba5
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain-core/PYSEC-2024-45.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain-core/PYSEC-2024-45.yaml
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-43.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-43.yaml
4
reference_url https://github.com/langchain-ai/langchain/pull/18600
reference_id 18600
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-07T19:36:26Z/
url https://github.com/langchain-ai/langchain/pull/18600
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28088
reference_id CVE-2024-28088
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28088
6
reference_url https://github.com/advisories/GHSA-h59x-p739-982c
reference_id GHSA-h59x-p739-982c
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h59x-p739-982c
7
reference_url https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py
reference_id loading.py
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-07T19:36:26Z/
url https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py
8
reference_url https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md
reference_id README.md
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-07T19:36:26Z/
url https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md
fixed_packages
0
url pkg:pypi/langchain@0.0.339
purl pkg:pypi/langchain@0.0.339
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhm-rh9f-13b7
1
vulnerability VCID-449d-vdfh-x7fd
2
vulnerability VCID-9879-hp1u-47ds
3
vulnerability VCID-9jxh-pfnm-w7gk
4
vulnerability VCID-cx6s-pyn2-cqcj
5
vulnerability VCID-d5qc-zvmu-rkde
6
vulnerability VCID-enm9-kr4g-hbbz
7
vulnerability VCID-hxnj-z9jr-kue7
8
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.339
1
url pkg:pypi/langchain@0.1.11
purl pkg:pypi/langchain@0.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9jxh-pfnm-w7gk
1
vulnerability VCID-d5qc-zvmu-rkde
2
vulnerability VCID-enm9-kr4g-hbbz
3
vulnerability VCID-hxnj-z9jr-kue7
4
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.1.11
aliases CVE-2024-28088, GHSA-h59x-p739-982c, PYSEC-2024-43, PYSEC-2024-45
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rhm-rh9f-13b7
2
url VCID-449d-vdfh-x7fd
vulnerability_id VCID-449d-vdfh-x7fd
summary langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. The issue lies in the handling of file paths in the mset and mget methods, where user-supplied input is not adequately sanitized, allowing directory traversal sequences to reach unintended directories.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-3571
reference_id
reference_type
scores
0
value 0.01915
scoring_system epss
scoring_elements 0.83705
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-3571
1
reference_url https://huntr.com/bounties/2df3acdc-ee4f-4257-bbf8-a7de3870a9d8
reference_id 2df3acdc-ee4f-4257-bbf8-a7de3870a9d8
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T19:16:15Z/
url https://huntr.com/bounties/2df3acdc-ee4f-4257-bbf8-a7de3870a9d8
2
reference_url https://github.com/langchain-ai/langchain/commit/aad3d8bd47d7f5598156ff2bdcc8f736f24a7412
reference_id aad3d8bd47d7f5598156ff2bdcc8f736f24a7412
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-17T19:16:15Z/
url https://github.com/langchain-ai/langchain/commit/aad3d8bd47d7f5598156ff2bdcc8f736f24a7412
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3571
reference_id CVE-2024-3571
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-3571
4
reference_url https://github.com/advisories/GHSA-rgp8-pm28-3759
reference_id GHSA-rgp8-pm28-3759
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rgp8-pm28-3759
fixed_packages
0
url pkg:pypi/langchain@0.0.353
purl pkg:pypi/langchain@0.0.353
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhm-rh9f-13b7
1
vulnerability VCID-9879-hp1u-47ds
2
vulnerability VCID-9jxh-pfnm-w7gk
3
vulnerability VCID-cx6s-pyn2-cqcj
4
vulnerability VCID-d5qc-zvmu-rkde
5
vulnerability VCID-enm9-kr4g-hbbz
6
vulnerability VCID-hxnj-z9jr-kue7
7
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.353
aliases CVE-2024-3571, GHSA-rgp8-pm28-3759
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-449d-vdfh-x7fd
3
url VCID-8jk9-a8mt-mke3
vulnerability_id VCID-8jk9-a8mt-mke3
summary An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36258
reference_id
reference_type
scores
0
value 0.00741
scoring_system epss
scoring_elements 0.7342
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36258
1
reference_url https://github.com/advisories/GHSA-2qmj-7962-cjq8
reference_id
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qmj-7962-cjq8
2
reference_url https://github.com/langchain-ai/langchain/commit/8ba9835b925473655914f63822775679e03ea137
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/8ba9835b925473655914f63822775679e03ea137
3
reference_url https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
4
reference_url https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
5
reference_url https://github.com/langchain-ai/langchain/issues/5872#issuecomment-1697785619
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/issues/5872#issuecomment-1697785619
6
reference_url https://github.com/langchain-ai/langchain/pull/6003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/6003
7
reference_url https://github.com/langchain-ai/langchain/pull/7870
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/7870
8
reference_url https://github.com/langchain-ai/langchain/pull/8425
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/8425
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-98.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-98.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36258
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36258
11
reference_url https://github.com/hwchase17/langchain/issues/5872
reference_id 5872
reference_type
scores
0
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-22T16:45:46Z/
url https://github.com/hwchase17/langchain/issues/5872
fixed_packages
0
url pkg:pypi/langchain@0.0.247
purl pkg:pypi/langchain@0.0.247
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1618-rc62-rke9
1
vulnerability VCID-2rhm-rh9f-13b7
2
vulnerability VCID-449d-vdfh-x7fd
3
vulnerability VCID-9879-hp1u-47ds
4
vulnerability VCID-9jxh-pfnm-w7gk
5
vulnerability VCID-cx6s-pyn2-cqcj
6
vulnerability VCID-d5qc-zvmu-rkde
7
vulnerability VCID-enm9-kr4g-hbbz
8
vulnerability VCID-hxnj-z9jr-kue7
9
vulnerability VCID-qvyx-jcxw-sbdh
10
vulnerability VCID-s4wf-9m6c-8yay
11
vulnerability VCID-tvj5-fy4j-yqar
12
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.247
aliases CVE-2023-36258, GHSA-2qmj-7962-cjq8, PYSEC-2023-98
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8jk9-a8mt-mke3
4
url VCID-9879-hp1u-47ds
vulnerability_id VCID-9879-hp1u-47ds
summary
With the following crawler configuration:

```python
# Crawler configuration quoted by the advisory: a recursive loader rooted at `url`.
# NOTE(review): RecursiveUrlLoader is used without an import in this snippet; the
# advisory's linked source file is
# libs/community/langchain_community/document_loaders/recursive_url_loader.py.
from bs4 import BeautifulSoup as Soup

# Base URL the crawl starts from.
url = "https://example.com"
# prevent_outside is not passed here; the advisory text refers to it being True,
# presumably the loader's default (confirm against the linked source).
loader = RecursiveUrlLoader(
    # The extractor reduces each fetched HTML page to its text content.
    url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text
)
# load() runs the crawl; per the advisory, files linked from fetched pages are
# downloaded as well, so the fetched content is attacker-influenced input.
docs = loader.load()
```

An attacker in control of the contents of `https://example.com` could place a malicious HTML file there containing links such as "https://example.completely.different/my_file.html". That link begins with the same characters as the base URL but points at a different host, and the crawler would proceed to download that file as well, even though `prevent_outside=True`.

https://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51

Resolved in https://github.com/langchain-ai/langchain/pull/15559
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-0243
reference_id
reference_type
scores
0
value 0.00094
scoring_system epss
scoring_elements 0.26218
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-0243
1
reference_url https://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain-exa/PYSEC-2024-235.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain-exa/PYSEC-2024-235.yaml
3
reference_url https://github.com/langchain-ai/langchain/pull/15559
reference_id 15559
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-26T18:43:11Z/
url https://github.com/langchain-ai/langchain/pull/15559
4
reference_url https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861
reference_id 370904e7-10ac-40a4-a8d4-e2d16e1ca861
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-26T18:43:11Z/
url https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861
5
reference_url https://github.com/langchain-ai/langchain/commit/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22
reference_id bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-26T18:43:11Z/
url https://github.com/langchain-ai/langchain/commit/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-0243
reference_id CVE-2024-0243
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-0243
7
reference_url https://github.com/advisories/GHSA-h9j7-5xvc-qhg5
reference_id GHSA-h9j7-5xvc-qhg5
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h9j7-5xvc-qhg5
fixed_packages
0
url pkg:pypi/langchain@0.1.0
purl pkg:pypi/langchain@0.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhm-rh9f-13b7
1
vulnerability VCID-9jxh-pfnm-w7gk
2
vulnerability VCID-cx6s-pyn2-cqcj
3
vulnerability VCID-d5qc-zvmu-rkde
4
vulnerability VCID-enm9-kr4g-hbbz
5
vulnerability VCID-hxnj-z9jr-kue7
6
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.1.0
aliases CVE-2024-0243, GHSA-h9j7-5xvc-qhg5, PYSEC-2024-235
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9879-hp1u-47ds
5
url VCID-9jxh-pfnm-w7gk
vulnerability_id VCID-9jxh-pfnm-w7gk
summary A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects what was the latest version of the product when the advisory was written.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-5998
reference_id
reference_type
scores
0
value 0.0009
scoring_system epss
scoring_elements 0.25571
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-5998
1
reference_url https://github.com/langchain-ai/langchain/commit/77209f315efd13442ec51c67719ba37dfaa44511
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/77209f315efd13442ec51c67719ba37dfaa44511
2
reference_url https://github.com/langchain-ai/langchain/commit/604dfe2d99246b0c09f047c604f0c63eafba31e7
reference_id 604dfe2d99246b0c09f047c604f0c63eafba31e7
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
2
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:28:59Z/
url https://github.com/langchain-ai/langchain/commit/604dfe2d99246b0c09f047c604f0c63eafba31e7
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-5998
reference_id CVE-2024-5998
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-5998
4
reference_url https://huntr.com/bounties/fa3a2753-57c3-4e08-a176-d7a3ffda28fe
reference_id fa3a2753-57c3-4e08-a176-d7a3ffda28fe
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
2
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:28:59Z/
url https://huntr.com/bounties/fa3a2753-57c3-4e08-a176-d7a3ffda28fe
5
reference_url https://github.com/advisories/GHSA-f2jm-rw3h-6phg
reference_id GHSA-f2jm-rw3h-6phg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f2jm-rw3h-6phg
fixed_packages
0
url pkg:pypi/langchain@0.2.10
purl pkg:pypi/langchain@0.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-enm9-kr4g-hbbz
1
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.2.10
aliases CVE-2024-5998, GHSA-f2jm-rw3h-6phg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9jxh-pfnm-w7gk
6
url VCID-9yh8-14yh-abhr
vulnerability_id VCID-9yh8-14yh-abhr
summary LangChain 0.0.171 is vulnerable to arbitrary code execution in load_prompt.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34541
reference_id
reference_type
scores
0
value 0.00166
scoring_system epss
scoring_elements 0.37396
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34541
1
reference_url https://github.com/advisories/GHSA-6643-h7h5-x9wh
reference_id
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6643-h7h5-x9wh
2
reference_url https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
3
reference_url https://github.com/langchain-ai/langchain/issues/4849
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/issues/4849
4
reference_url https://github.com/langchain-ai/langchain/issues/4849#issuecomment-1697896569
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/issues/4849#issuecomment-1697896569
5
reference_url https://github.com/langchain-ai/langchain/pull/8425
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/8425
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-92.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-92.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34541
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34541
8
reference_url https://github.com/hwchase17/langchain/issues/4849
reference_id 4849
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-12-09T21:10:29Z/
url https://github.com/hwchase17/langchain/issues/4849
fixed_packages
0
url pkg:pypi/langchain@0.0.247
purl pkg:pypi/langchain@0.0.247
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1618-rc62-rke9
1
vulnerability VCID-2rhm-rh9f-13b7
2
vulnerability VCID-449d-vdfh-x7fd
3
vulnerability VCID-9879-hp1u-47ds
4
vulnerability VCID-9jxh-pfnm-w7gk
5
vulnerability VCID-cx6s-pyn2-cqcj
6
vulnerability VCID-d5qc-zvmu-rkde
7
vulnerability VCID-enm9-kr4g-hbbz
8
vulnerability VCID-hxnj-z9jr-kue7
9
vulnerability VCID-qvyx-jcxw-sbdh
10
vulnerability VCID-s4wf-9m6c-8yay
11
vulnerability VCID-tvj5-fy4j-yqar
12
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.247
aliases CVE-2023-34541, GHSA-6643-h7h5-x9wh, PYSEC-2023-92
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9yh8-14yh-abhr
7
url VCID-cx6s-pyn2-cqcj
vulnerability_id VCID-cx6s-pyn2-cqcj
summary A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not limit its requests to remote internet addresses, so it can also reach local addresses. This flaw enables attackers to execute port scans, access local services, and in some scenarios, read instance metadata from cloud environments. The vulnerability is particularly concerning as it can be exploited to abuse the Web Explorer server as a proxy for web attacks on third parties and interact with servers in the local network, including reading their response data. This could potentially lead to arbitrary code execution, depending on the nature of the local services. The vulnerability is limited to GET requests, as POST requests are not possible, but the impact on confidentiality, integrity, and availability is significant due to the potential for stolen credentials and state-changing interactions with internal APIs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-3095
reference_id
reference_type
scores
0
value 0.00163
scoring_system epss
scoring_elements 0.37018
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-3095
1
reference_url https://github.com/langchain-ai/langchain/pull/24451
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/24451
2
reference_url https://github.com/langchain-ai/langchain/releases/tag/langchain-community%3D%3D0.2.9
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/releases/tag/langchain-community%3D%3D0.2.9
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3095
reference_id CVE-2024-3095
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-3095
4
reference_url https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273
reference_id e62d4895-2901-405b-9559-38276b6a5273
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T18:54:30Z/
url https://huntr.com/bounties/e62d4895-2901-405b-9559-38276b6a5273
5
reference_url https://github.com/advisories/GHSA-q25c-c977-4cmh
reference_id GHSA-q25c-c977-4cmh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q25c-c977-4cmh
fixed_packages
0
url pkg:pypi/langchain@0.1.6
purl pkg:pypi/langchain@0.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhm-rh9f-13b7
1
vulnerability VCID-9jxh-pfnm-w7gk
2
vulnerability VCID-d5qc-zvmu-rkde
3
vulnerability VCID-enm9-kr4g-hbbz
4
vulnerability VCID-hxnj-z9jr-kue7
5
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.1.6
aliases CVE-2024-3095, GHSA-q25c-c977-4cmh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cx6s-pyn2-cqcj
8
url VCID-d5qc-zvmu-rkde
vulnerability_id VCID-d5qc-zvmu-rkde
summary A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2965.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2965.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-2965
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11719
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-2965
2
reference_url https://github.com/langchain-ai/langchain/commit/9a877c7adbd06f90a2518152f65b562bd90487cc
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/9a877c7adbd06f90a2518152f65b562bd90487cc
3
reference_url https://github.com/langchain-ai/langchain/pull/22903
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/22903
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-118.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-118.yaml
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2373306
reference_id 2373306
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2373306
6
reference_url https://github.com/langchain-ai/langchain/commit/73c42306745b0831aa6fe7fe4eeb70d2c2d87a82
reference_id 73c42306745b0831aa6fe7fe4eeb70d2c2d87a82
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T13:30:27Z/
url https://github.com/langchain-ai/langchain/commit/73c42306745b0831aa6fe7fe4eeb70d2c2d87a82
7
reference_url https://huntr.com/bounties/90b0776d-9fa6-4841-aac4-09fde5918cae
reference_id 90b0776d-9fa6-4841-aac4-09fde5918cae
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T13:30:27Z/
url https://huntr.com/bounties/90b0776d-9fa6-4841-aac4-09fde5918cae
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-2965
reference_id CVE-2024-2965
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-2965
9
reference_url https://github.com/advisories/GHSA-3hjh-jh2h-vrg6
reference_id GHSA-3hjh-jh2h-vrg6
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3hjh-jh2h-vrg6
fixed_packages
0
url pkg:pypi/langchain@0.2.5
purl pkg:pypi/langchain@0.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9jxh-pfnm-w7gk
1
vulnerability VCID-enm9-kr4g-hbbz
2
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.2.5
aliases CVE-2024-2965, GHSA-3hjh-jh2h-vrg6, PYSEC-2024-118
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5qc-zvmu-rkde
9
url VCID-dg53-vte1-zyfy
vulnerability_id VCID-dg53-vte1-zyfy
summary
Langchain SQL Injection vulnerability
In Langchain before 0.0.247, prompt injection allows execution of arbitrary code against the SQL service provided by the chain.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32785
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32785
1
reference_url https://github.com/advisories/GHSA-8h5w-f6q9-wg35
reference_id GHSA-8h5w-f6q9-wg35
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8h5w-f6q9-wg35
fixed_packages
0
url pkg:pypi/langchain@0.0.247
purl pkg:pypi/langchain@0.0.247
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1618-rc62-rke9
1
vulnerability VCID-2rhm-rh9f-13b7
2
vulnerability VCID-449d-vdfh-x7fd
3
vulnerability VCID-9879-hp1u-47ds
4
vulnerability VCID-9jxh-pfnm-w7gk
5
vulnerability VCID-cx6s-pyn2-cqcj
6
vulnerability VCID-d5qc-zvmu-rkde
7
vulnerability VCID-enm9-kr4g-hbbz
8
vulnerability VCID-hxnj-z9jr-kue7
9
vulnerability VCID-qvyx-jcxw-sbdh
10
vulnerability VCID-s4wf-9m6c-8yay
11
vulnerability VCID-tvj5-fy4j-yqar
12
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.247
aliases CVE-2023-32785, GHSA-8h5w-f6q9-wg35
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dg53-vte1-zyfy
10
url VCID-ebf6-jbty-7bbr
vulnerability_id VCID-ebf6-jbty-7bbr
summary In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32786
reference_id
reference_type
scores
0
value 0.00135
scoring_system epss
scoring_elements 0.33167
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32786
1
reference_url https://github.com/langchain-ai/langchain/pull/12747
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/12747
2
reference_url https://github.com/langchain-ai/langchain/releases/tag/v0.0.329
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/releases/tag/v0.0.329
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32786
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32786
4
reference_url https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1
reference_id d265f46fc3161b31ac2e81db44d662e1
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-12T17:54:35Z/
url https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1
5
reference_url https://github.com/advisories/GHSA-6h8p-4hx9-w66c
reference_id GHSA-6h8p-4hx9-w66c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6h8p-4hx9-w66c
fixed_packages
0
url pkg:pypi/langchain@0.0.156
purl pkg:pypi/langchain@0.0.156
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1618-rc62-rke9
1
vulnerability VCID-2rhm-rh9f-13b7
2
vulnerability VCID-449d-vdfh-x7fd
3
vulnerability VCID-8jk9-a8mt-mke3
4
vulnerability VCID-9879-hp1u-47ds
5
vulnerability VCID-9jxh-pfnm-w7gk
6
vulnerability VCID-9yh8-14yh-abhr
7
vulnerability VCID-cx6s-pyn2-cqcj
8
vulnerability VCID-d5qc-zvmu-rkde
9
vulnerability VCID-dg53-vte1-zyfy
10
vulnerability VCID-enm9-kr4g-hbbz
11
vulnerability VCID-h3je-vmhg-x7bv
12
vulnerability VCID-hxnj-z9jr-kue7
13
vulnerability VCID-jpa5-z25b-u3d3
14
vulnerability VCID-n4zy-w2mg-f3hx
15
vulnerability VCID-qkx6-aewg-ryhb
16
vulnerability VCID-qvyx-jcxw-sbdh
17
vulnerability VCID-s4wf-9m6c-8yay
18
vulnerability VCID-tvj5-fy4j-yqar
19
vulnerability VCID-uhwf-4hp8-63gv
20
vulnerability VCID-vrea-ew6n-vyf9
21
vulnerability VCID-zh5c-9jvd-jfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.156
1
url pkg:pypi/langchain@0.0.329
purl pkg:pypi/langchain@0.0.329
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhm-rh9f-13b7
1
vulnerability VCID-449d-vdfh-x7fd
2
vulnerability VCID-9879-hp1u-47ds
3
vulnerability VCID-9jxh-pfnm-w7gk
4
vulnerability VCID-cx6s-pyn2-cqcj
5
vulnerability VCID-d5qc-zvmu-rkde
6
vulnerability VCID-enm9-kr4g-hbbz
7
vulnerability VCID-hxnj-z9jr-kue7
8
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.329
aliases CVE-2023-32786, GHSA-6h8p-4hx9-w66c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ebf6-jbty-7bbr
11
url VCID-enm9-kr4g-hbbz
vulnerability_id VCID-enm9-kr4g-hbbz
summary LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods (pull_prompt / pull_prompt_commit in Python, pullPrompt / pullPromptCommit in JS/TS) fetch and deserialize prompt manifests from the LangSmith Hub. These manifests may contain serialized LangChain objects and model configuration that affect runtime behavior. When pulling a public prompt by owner/name identifier, the manifest content is controlled by an external party, but prior versions of the SDK did not distinguish this from pulling a prompt within the caller's own organization. This vulnerability is fixed in LangSmith SDK Python 0.8.0 and JS/TS 0.6.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45134
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11071
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45134
1
reference_url https://github.com/langchain-ai/langsmith-sdk
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langsmith-sdk
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45134
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45134
3
reference_url https://github.com/advisories/GHSA-3644-q5cj-c5c7
reference_id GHSA-3644-q5cj-c5c7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3644-q5cj-c5c7
4
reference_url https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-3644-q5cj-c5c7
reference_id GHSA-3644-q5cj-c5c7
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T18:13:39Z/
url https://github.com/langchain-ai/langsmith-sdk/security/advisories/GHSA-3644-q5cj-c5c7
fixed_packages
0
url pkg:pypi/langchain@0.3.30
purl pkg:pypi/langchain@0.3.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.3.30
aliases CVE-2026-45134, GHSA-3644-q5cj-c5c7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-enm9-kr4g-hbbz
12
url VCID-h3je-vmhg-x7bv
vulnerability_id VCID-h3je-vmhg-x7bv
summary An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38896
reference_id
reference_type
scores
0
value 0.01059
scoring_system epss
scoring_elements 0.78045
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38896
1
reference_url https://github.com/advisories/GHSA-92j5-3459-qgp4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92j5-3459-qgp4
2
reference_url https://github.com/langchain-ai/langchain/commit/8ba9835b925473655914f63822775679e03ea137
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/8ba9835b925473655914f63822775679e03ea137
3
reference_url https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-146.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-146.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38896
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38896
6
reference_url https://twitter.com/llm_sec/status/1668711587287375876
reference_id 1668711587287375876
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-09T13:02:00Z/
url https://twitter.com/llm_sec/status/1668711587287375876
7
reference_url https://github.com/hwchase17/langchain/issues/5872
reference_id 5872
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-09T13:02:00Z/
url https://github.com/hwchase17/langchain/issues/5872
8
reference_url https://github.com/hwchase17/langchain/pull/6003
reference_id 6003
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-09T13:02:00Z/
url https://github.com/hwchase17/langchain/pull/6003
fixed_packages
0
url pkg:pypi/langchain@0.0.195
purl pkg:pypi/langchain@0.0.195
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1618-rc62-rke9
1
vulnerability VCID-2rhm-rh9f-13b7
2
vulnerability VCID-449d-vdfh-x7fd
3
vulnerability VCID-8jk9-a8mt-mke3
4
vulnerability VCID-9879-hp1u-47ds
5
vulnerability VCID-9jxh-pfnm-w7gk
6
vulnerability VCID-9yh8-14yh-abhr
7
vulnerability VCID-cx6s-pyn2-cqcj
8
vulnerability VCID-d5qc-zvmu-rkde
9
vulnerability VCID-dg53-vte1-zyfy
10
vulnerability VCID-enm9-kr4g-hbbz
11
vulnerability VCID-h3je-vmhg-x7bv
12
vulnerability VCID-hxnj-z9jr-kue7
13
vulnerability VCID-jpa5-z25b-u3d3
14
vulnerability VCID-n4zy-w2mg-f3hx
15
vulnerability VCID-qkx6-aewg-ryhb
16
vulnerability VCID-qvyx-jcxw-sbdh
17
vulnerability VCID-s4wf-9m6c-8yay
18
vulnerability VCID-tvj5-fy4j-yqar
19
vulnerability VCID-uhwf-4hp8-63gv
20
vulnerability VCID-vrea-ew6n-vyf9
21
vulnerability VCID-zh5c-9jvd-jfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.195
1
url pkg:pypi/langchain@0.0.236
purl pkg:pypi/langchain@0.0.236
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1618-rc62-rke9
1
vulnerability VCID-2rhm-rh9f-13b7
2
vulnerability VCID-449d-vdfh-x7fd
3
vulnerability VCID-8jk9-a8mt-mke3
4
vulnerability VCID-9879-hp1u-47ds
5
vulnerability VCID-9jxh-pfnm-w7gk
6
vulnerability VCID-9yh8-14yh-abhr
7
vulnerability VCID-cx6s-pyn2-cqcj
8
vulnerability VCID-d5qc-zvmu-rkde
9
vulnerability VCID-dg53-vte1-zyfy
10
vulnerability VCID-enm9-kr4g-hbbz
11
vulnerability VCID-hxnj-z9jr-kue7
12
vulnerability VCID-jpa5-z25b-u3d3
13
vulnerability VCID-n4zy-w2mg-f3hx
14
vulnerability VCID-qvyx-jcxw-sbdh
15
vulnerability VCID-s4wf-9m6c-8yay
16
vulnerability VCID-tvj5-fy4j-yqar
17
vulnerability VCID-uhwf-4hp8-63gv
18
vulnerability VCID-zh5c-9jvd-jfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.236
aliases CVE-2023-38896, GHSA-92j5-3459-qgp4, PYSEC-2023-146
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h3je-vmhg-x7bv
13
url VCID-hxnj-z9jr-kue7
vulnerability_id VCID-hxnj-z9jr-kue7
summary A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8309.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8309.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8309
reference_id
reference_type
scores
0
value 0.02002
scoring_system epss
scoring_elements 0.84044
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8309
2
reference_url https://github.com/advisories/GHSA-45pg-36p6-83v9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/advisories/GHSA-45pg-36p6-83v9
3
reference_url https://github.com/langchain-ai/langchain/commit/64c317eba05fbac0c6a6fc5aa192bc0d7130972e
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/64c317eba05fbac0c6a6fc5aa192bc0d7130972e
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-115.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-115.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8309
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8309
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2322452
reference_id 2322452
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2322452
7
reference_url https://huntr.com/bounties/8f4ad910-7fdc-4089-8f0a-b5df5f32e7c5
reference_id 8f4ad910-7fdc-4089-8f0a-b5df5f32e7c5
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-29T13:50:16Z/
url https://huntr.com/bounties/8f4ad910-7fdc-4089-8f0a-b5df5f32e7c5
8
reference_url https://github.com/langchain-ai/langchain/commit/c2a3021bb0c5f54649d380b42a0684ca5778c255
reference_id c2a3021bb0c5f54649d380b42a0684ca5778c255
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-29T13:50:16Z/
url https://github.com/langchain-ai/langchain/commit/c2a3021bb0c5f54649d380b42a0684ca5778c255
fixed_packages
0
url pkg:pypi/langchain@0.2.0
purl pkg:pypi/langchain@0.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9jxh-pfnm-w7gk
1
vulnerability VCID-d5qc-zvmu-rkde
2
vulnerability VCID-enm9-kr4g-hbbz
3
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.2.0
aliases CVE-2024-8309, GHSA-45pg-36p6-83v9, PYSEC-2024-115
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hxnj-z9jr-kue7
14
url VCID-jpa5-z25b-u3d3
vulnerability_id VCID-jpa5-z25b-u3d3
summary SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36189
reference_id
reference_type
scores
0
value 0.00163
scoring_system epss
scoring_elements 0.37042
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36189
1
reference_url https://github.com/advisories/GHSA-7q94-qpjr-xpgm
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7q94-qpjr-xpgm
2
reference_url https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
3
reference_url https://github.com/langchain-ai/langchain/issues/5923
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/issues/5923
4
reference_url https://github.com/langchain-ai/langchain/pull/8425
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/8425
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-110.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-110.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36189
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36189
7
reference_url https://github.com/hwchase17/langchain/issues/5923
reference_id 5923
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:03Z/
url https://github.com/hwchase17/langchain/issues/5923
8
reference_url https://github.com/langchain-ai/langchain/issues/5923#issuecomment-1696053841
reference_id 5923#issuecomment-1696053841
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:03Z/
url https://github.com/langchain-ai/langchain/issues/5923#issuecomment-1696053841
9
reference_url https://github.com/hwchase17/langchain/pull/6051
reference_id 6051
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:03Z/
url https://github.com/hwchase17/langchain/pull/6051
10
reference_url https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f
reference_id 9c58d39db8c01db5b7c888e467c0533f
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:29:03Z/
url https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f
fixed_packages
0
url pkg:pypi/langchain@0.0.247
purl pkg:pypi/langchain@0.0.247
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1618-rc62-rke9
1
vulnerability VCID-2rhm-rh9f-13b7
2
vulnerability VCID-449d-vdfh-x7fd
3
vulnerability VCID-9879-hp1u-47ds
4
vulnerability VCID-9jxh-pfnm-w7gk
5
vulnerability VCID-cx6s-pyn2-cqcj
6
vulnerability VCID-d5qc-zvmu-rkde
7
vulnerability VCID-enm9-kr4g-hbbz
8
vulnerability VCID-hxnj-z9jr-kue7
9
vulnerability VCID-qvyx-jcxw-sbdh
10
vulnerability VCID-s4wf-9m6c-8yay
11
vulnerability VCID-tvj5-fy4j-yqar
12
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.247
aliases CVE-2023-36189, GHSA-7q94-qpjr-xpgm, PYSEC-2023-110
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jpa5-z25b-u3d3
15
url VCID-n4zy-w2mg-f3hx
vulnerability_id VCID-n4zy-w2mg-f3hx
summary An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36188
reference_id
reference_type
scores
0
value 0.11195
scoring_system epss
scoring_elements 0.93669
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36188
1
reference_url https://github.com/advisories/GHSA-57fc-8q82-gfp3
reference_id
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-57fc-8q82-gfp3
2
reference_url https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
3
reference_url https://github.com/langchain-ai/langchain/pull/6003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/6003
4
reference_url https://github.com/langchain-ai/langchain/pull/8425
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/8425
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-109.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-109.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36188
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36188
7
reference_url https://github.com/hwchase17/langchain/issues/5872
reference_id 5872
reference_type
scores
0
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-19T19:03:12Z/
url https://github.com/hwchase17/langchain/issues/5872
8
reference_url https://github.com/hwchase17/langchain/pull/6003
reference_id 6003
reference_type
scores
0
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-11-19T19:03:12Z/
url https://github.com/hwchase17/langchain/pull/6003
fixed_packages
0
url pkg:pypi/langchain@0.0.65
purl pkg:pypi/langchain@0.0.65
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1618-rc62-rke9
1
vulnerability VCID-2rhm-rh9f-13b7
2
vulnerability VCID-449d-vdfh-x7fd
3
vulnerability VCID-8jk9-a8mt-mke3
4
vulnerability VCID-9879-hp1u-47ds
5
vulnerability VCID-9jxh-pfnm-w7gk
6
vulnerability VCID-9yh8-14yh-abhr
7
vulnerability VCID-cx6s-pyn2-cqcj
8
vulnerability VCID-d5qc-zvmu-rkde
9
vulnerability VCID-dg53-vte1-zyfy
10
vulnerability VCID-ebf6-jbty-7bbr
11
vulnerability VCID-enm9-kr4g-hbbz
12
vulnerability VCID-h3je-vmhg-x7bv
13
vulnerability VCID-hxnj-z9jr-kue7
14
vulnerability VCID-jpa5-z25b-u3d3
15
vulnerability VCID-n4zy-w2mg-f3hx
16
vulnerability VCID-qkx6-aewg-ryhb
17
vulnerability VCID-qq81-myur-z7f9
18
vulnerability VCID-qvyx-jcxw-sbdh
19
vulnerability VCID-s4wf-9m6c-8yay
20
vulnerability VCID-tvj5-fy4j-yqar
21
vulnerability VCID-uhwf-4hp8-63gv
22
vulnerability VCID-vrea-ew6n-vyf9
23
vulnerability VCID-zh5c-9jvd-jfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.65
1
url pkg:pypi/langchain@0.0.236
purl pkg:pypi/langchain@0.0.236
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1618-rc62-rke9
1
vulnerability VCID-2rhm-rh9f-13b7
2
vulnerability VCID-449d-vdfh-x7fd
3
vulnerability VCID-8jk9-a8mt-mke3
4
vulnerability VCID-9879-hp1u-47ds
5
vulnerability VCID-9jxh-pfnm-w7gk
6
vulnerability VCID-9yh8-14yh-abhr
7
vulnerability VCID-cx6s-pyn2-cqcj
8
vulnerability VCID-d5qc-zvmu-rkde
9
vulnerability VCID-dg53-vte1-zyfy
10
vulnerability VCID-enm9-kr4g-hbbz
11
vulnerability VCID-hxnj-z9jr-kue7
12
vulnerability VCID-jpa5-z25b-u3d3
13
vulnerability VCID-n4zy-w2mg-f3hx
14
vulnerability VCID-qvyx-jcxw-sbdh
15
vulnerability VCID-s4wf-9m6c-8yay
16
vulnerability VCID-tvj5-fy4j-yqar
17
vulnerability VCID-uhwf-4hp8-63gv
18
vulnerability VCID-zh5c-9jvd-jfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.236
2
url pkg:pypi/langchain@0.0.247
purl pkg:pypi/langchain@0.0.247
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1618-rc62-rke9
1
vulnerability VCID-2rhm-rh9f-13b7
2
vulnerability VCID-449d-vdfh-x7fd
3
vulnerability VCID-9879-hp1u-47ds
4
vulnerability VCID-9jxh-pfnm-w7gk
5
vulnerability VCID-cx6s-pyn2-cqcj
6
vulnerability VCID-d5qc-zvmu-rkde
7
vulnerability VCID-enm9-kr4g-hbbz
8
vulnerability VCID-hxnj-z9jr-kue7
9
vulnerability VCID-qvyx-jcxw-sbdh
10
vulnerability VCID-s4wf-9m6c-8yay
11
vulnerability VCID-tvj5-fy4j-yqar
12
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.247
aliases CVE-2023-36188, GHSA-57fc-8q82-gfp3, PYSEC-2023-109
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4zy-w2mg-f3hx
16
url VCID-qkx6-aewg-ryhb
vulnerability_id VCID-qkx6-aewg-ryhb
summary Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34540
reference_id
reference_type
scores
0
value 0.0187
scoring_system epss
scoring_elements 0.83513
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34540
1
reference_url https://github.com/advisories/GHSA-x32c-59v5-h7fg
reference_id
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x32c-59v5-h7fg
2
reference_url https://github.com/hwchase17/langchain/issues/4833
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/hwchase17/langchain/issues/4833
3
reference_url https://github.com/langchain-ai/langchain/commit/a2f191a32229256dd41deadf97786fe41ce04cbb
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/a2f191a32229256dd41deadf97786fe41ce04cbb
4
reference_url https://github.com/langchain-ai/langchain/issues/4833
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/issues/4833
5
reference_url https://github.com/langchain-ai/langchain/pull/6992
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/6992
6
reference_url https://github.com/langchain-ai/langchain/releases/tag/v0.0.225
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/releases/tag/v0.0.225
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-91.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-91.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34540
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34540
fixed_packages
0
url pkg:pypi/langchain@0.0.225
purl pkg:pypi/langchain@0.0.225
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1618-rc62-rke9
1
vulnerability VCID-2rhm-rh9f-13b7
2
vulnerability VCID-449d-vdfh-x7fd
3
vulnerability VCID-8jk9-a8mt-mke3
4
vulnerability VCID-9879-hp1u-47ds
5
vulnerability VCID-9jxh-pfnm-w7gk
6
vulnerability VCID-9yh8-14yh-abhr
7
vulnerability VCID-cx6s-pyn2-cqcj
8
vulnerability VCID-d5qc-zvmu-rkde
9
vulnerability VCID-dg53-vte1-zyfy
10
vulnerability VCID-enm9-kr4g-hbbz
11
vulnerability VCID-h3je-vmhg-x7bv
12
vulnerability VCID-hxnj-z9jr-kue7
13
vulnerability VCID-jpa5-z25b-u3d3
14
vulnerability VCID-n4zy-w2mg-f3hx
15
vulnerability VCID-qvyx-jcxw-sbdh
16
vulnerability VCID-s4wf-9m6c-8yay
17
vulnerability VCID-tvj5-fy4j-yqar
18
vulnerability VCID-uhwf-4hp8-63gv
19
vulnerability VCID-vrea-ew6n-vyf9
20
vulnerability VCID-zh5c-9jvd-jfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.225
aliases CVE-2023-34540, GHSA-x32c-59v5-h7fg, PYSEC-2023-91
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qkx6-aewg-ryhb
17
url VCID-qq81-myur-z7f9
vulnerability_id VCID-qq81-myur-z7f9
summary In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29374
reference_id
reference_type
scores
0
value 0.03769
scoring_system epss
scoring_elements 0.88308
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29374
1
reference_url https://github.com/advisories/GHSA-fprp-p869-w6q2
reference_id
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fprp-p869-w6q2
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-18.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-18.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29374
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29374
4
reference_url https://twitter.com/rharang/status/1641899743608463365/photo/1
reference_id 1
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-12T16:14:23Z/
url https://twitter.com/rharang/status/1641899743608463365/photo/1
5
reference_url https://github.com/hwchase17/langchain/issues/1026
reference_id 1026
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-12T16:14:23Z/
url https://github.com/hwchase17/langchain/issues/1026
6
reference_url https://github.com/hwchase17/langchain/pull/1119
reference_id 1119
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-12T16:14:23Z/
url https://github.com/hwchase17/langchain/pull/1119
7
reference_url https://github.com/hwchase17/langchain/issues/814
reference_id 814
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-12T16:14:23Z/
url https://github.com/hwchase17/langchain/issues/814
fixed_packages
0
url pkg:pypi/langchain@0.0.132
purl pkg:pypi/langchain@0.0.132
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1618-rc62-rke9
1
vulnerability VCID-2rhm-rh9f-13b7
2
vulnerability VCID-449d-vdfh-x7fd
3
vulnerability VCID-8jk9-a8mt-mke3
4
vulnerability VCID-9879-hp1u-47ds
5
vulnerability VCID-9jxh-pfnm-w7gk
6
vulnerability VCID-9yh8-14yh-abhr
7
vulnerability VCID-cx6s-pyn2-cqcj
8
vulnerability VCID-d5qc-zvmu-rkde
9
vulnerability VCID-dg53-vte1-zyfy
10
vulnerability VCID-ebf6-jbty-7bbr
11
vulnerability VCID-enm9-kr4g-hbbz
12
vulnerability VCID-h3je-vmhg-x7bv
13
vulnerability VCID-hxnj-z9jr-kue7
14
vulnerability VCID-jpa5-z25b-u3d3
15
vulnerability VCID-n4zy-w2mg-f3hx
16
vulnerability VCID-qkx6-aewg-ryhb
17
vulnerability VCID-qvyx-jcxw-sbdh
18
vulnerability VCID-s4wf-9m6c-8yay
19
vulnerability VCID-tvj5-fy4j-yqar
20
vulnerability VCID-uhwf-4hp8-63gv
21
vulnerability VCID-vrea-ew6n-vyf9
22
vulnerability VCID-zh5c-9jvd-jfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.132
aliases CVE-2023-29374, GHSA-fprp-p869-w6q2, PYSEC-2023-18
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qq81-myur-z7f9
18
url VCID-qvyx-jcxw-sbdh
vulnerability_id VCID-qvyx-jcxw-sbdh
summary LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46229.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46229.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46229
reference_id
reference_type
scores
0
value 0.01752
scoring_system epss
scoring_elements 0.82978
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46229
2
reference_url https://github.com/advisories/GHSA-655w-fm8m-m478
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-655w-fm8m-m478
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-205.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-205.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46229
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46229
5
reference_url https://github.com/langchain-ai/langchain/pull/11925
reference_id 11925
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T18:06:03Z/
url https://github.com/langchain-ai/langchain/pull/11925
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2390135
reference_id 2390135
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2390135
7
reference_url https://github.com/langchain-ai/langchain/commit/9ecb7240a480720ec9d739b3877a52f76098a2b8
reference_id 9ecb7240a480720ec9d739b3877a52f76098a2b8
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T18:06:03Z/
url https://github.com/langchain-ai/langchain/commit/9ecb7240a480720ec9d739b3877a52f76098a2b8
fixed_packages
0
url pkg:pypi/langchain@0.0.317
purl pkg:pypi/langchain@0.0.317
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhm-rh9f-13b7
1
vulnerability VCID-449d-vdfh-x7fd
2
vulnerability VCID-9879-hp1u-47ds
3
vulnerability VCID-9jxh-pfnm-w7gk
4
vulnerability VCID-cx6s-pyn2-cqcj
5
vulnerability VCID-d5qc-zvmu-rkde
6
vulnerability VCID-enm9-kr4g-hbbz
7
vulnerability VCID-hxnj-z9jr-kue7
8
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.317
aliases CVE-2023-46229, GHSA-655w-fm8m-m478, PYSEC-2023-205
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvyx-jcxw-sbdh
19
url VCID-s4wf-9m6c-8yay
vulnerability_id VCID-s4wf-9m6c-8yay
summary An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36281
reference_id
reference_type
scores
0
value 0.62245
scoring_system epss
scoring_elements 0.98385
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36281
1
reference_url https://github.com/advisories/GHSA-7gfq-f96f-g85j
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7gfq-f96f-g85j
2
reference_url https://github.com/langchain-ai/langchain/commit/22abeb9f6cc555591bf8e92b5e328e43aa07ff6c
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/22abeb9f6cc555591bf8e92b5e328e43aa07ff6c
3
reference_url https://github.com/langchain-ai/langchain/pull/10252
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/10252
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-151.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-151.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36281
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36281
6
reference_url https://github.com/hwchase17/langchain/issues/4394
reference_id 4394
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2023-12-13T16:27:50Z/
url https://github.com/hwchase17/langchain/issues/4394
7
reference_url https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55
reference_id LangChain-2e6244a313dd46139c5ef28cbcab9e55
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2023-12-13T16:27:50Z/
url https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55
8
reference_url https://github.com/langchain-ai/langchain/releases/tag/v0.0.312
reference_id v0.0.312
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2023-12-13T16:27:50Z/
url https://github.com/langchain-ai/langchain/releases/tag/v0.0.312
fixed_packages
0
url pkg:pypi/langchain@0.0.171
purl pkg:pypi/langchain@0.0.171
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1618-rc62-rke9
1
vulnerability VCID-2rhm-rh9f-13b7
2
vulnerability VCID-449d-vdfh-x7fd
3
vulnerability VCID-8jk9-a8mt-mke3
4
vulnerability VCID-9879-hp1u-47ds
5
vulnerability VCID-9jxh-pfnm-w7gk
6
vulnerability VCID-9yh8-14yh-abhr
7
vulnerability VCID-cx6s-pyn2-cqcj
8
vulnerability VCID-d5qc-zvmu-rkde
9
vulnerability VCID-dg53-vte1-zyfy
10
vulnerability VCID-enm9-kr4g-hbbz
11
vulnerability VCID-h3je-vmhg-x7bv
12
vulnerability VCID-hxnj-z9jr-kue7
13
vulnerability VCID-jpa5-z25b-u3d3
14
vulnerability VCID-n4zy-w2mg-f3hx
15
vulnerability VCID-qkx6-aewg-ryhb
16
vulnerability VCID-qvyx-jcxw-sbdh
17
vulnerability VCID-s4wf-9m6c-8yay
18
vulnerability VCID-tvj5-fy4j-yqar
19
vulnerability VCID-uhwf-4hp8-63gv
20
vulnerability VCID-vrea-ew6n-vyf9
21
vulnerability VCID-zh5c-9jvd-jfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.171
1
url pkg:pypi/langchain@0.0.312
purl pkg:pypi/langchain@0.0.312
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhm-rh9f-13b7
1
vulnerability VCID-449d-vdfh-x7fd
2
vulnerability VCID-9879-hp1u-47ds
3
vulnerability VCID-9jxh-pfnm-w7gk
4
vulnerability VCID-cx6s-pyn2-cqcj
5
vulnerability VCID-d5qc-zvmu-rkde
6
vulnerability VCID-enm9-kr4g-hbbz
7
vulnerability VCID-hxnj-z9jr-kue7
8
vulnerability VCID-qvyx-jcxw-sbdh
9
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.312
aliases CVE-2023-36281, GHSA-7gfq-f96f-g85j, PYSEC-2023-151
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s4wf-9m6c-8yay
20
url VCID-tvj5-fy4j-yqar
vulnerability_id VCID-tvj5-fy4j-yqar
summary An issue in LangChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39631
reference_id
reference_type
scores
0
value 0.01754
scoring_system epss
scoring_elements 0.82988
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39631
1
reference_url https://github.com/advisories/GHSA-f73w-4m7g-ch9x
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f73w-4m7g-ch9x
2
reference_url https://github.com/langchain-ai/langchain/pull/11302
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/11302
3
reference_url https://github.com/langchain-ai/langchain/releases/tag/v0.0.308
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/releases/tag/v0.0.308
4
reference_url https://github.com/pydata/numexpr/commit/4b2d89cf14e75030d27629925b9998e1e91d23c7
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pydata/numexpr/commit/4b2d89cf14e75030d27629925b9998e1e91d23c7
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-162.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-162.yaml
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/numexpr/PYSEC-2023-163.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/numexpr/PYSEC-2023-163.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39631
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39631
8
reference_url https://github.com/pydata/numexpr/issues/442
reference_id 442
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-01T13:18:27Z/
url https://github.com/pydata/numexpr/issues/442
9
reference_url https://github.com/langchain-ai/langchain/issues/8363
reference_id 8363
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-01T13:18:27Z/
url https://github.com/langchain-ai/langchain/issues/8363
fixed_packages
0
url pkg:pypi/langchain@0.0.308
purl pkg:pypi/langchain@0.0.308
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhm-rh9f-13b7
1
vulnerability VCID-449d-vdfh-x7fd
2
vulnerability VCID-9879-hp1u-47ds
3
vulnerability VCID-9jxh-pfnm-w7gk
4
vulnerability VCID-cx6s-pyn2-cqcj
5
vulnerability VCID-d5qc-zvmu-rkde
6
vulnerability VCID-enm9-kr4g-hbbz
7
vulnerability VCID-hxnj-z9jr-kue7
8
vulnerability VCID-qvyx-jcxw-sbdh
9
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.308
aliases CVE-2023-39631, GHSA-f73w-4m7g-ch9x, PYSEC-2023-162, PYSEC-2023-163
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tvj5-fy4j-yqar
21
url VCID-uhwf-4hp8-63gv
vulnerability_id VCID-uhwf-4hp8-63gv
summary A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs version 0.2.5, and in all versions that include this class, allows prompt injection that leads to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database. Note that the summary names langchainjs while this record is listed against the PyPI package under alias PYSEC-2024-114; confirm the affected ecosystem against the advisory before triage.
references
fixed_packages
0
url pkg:pypi/langchain@0.3.1
purl pkg:pypi/langchain@0.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-enm9-kr4g-hbbz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.3.1
aliases PYSEC-2024-114
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uhwf-4hp8-63gv
22
url VCID-vrea-ew6n-vyf9
vulnerability_id VCID-vrea-ew6n-vyf9
summary An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the Python exec calls in PALChain; affected functions include from_math_prompt and from_colored_object_prompt.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36095
reference_id
reference_type
scores
0
value 0.03155
scoring_system epss
scoring_elements 0.87194
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36095
1
reference_url https://github.com/advisories/GHSA-gwqq-6vq7-5j86
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gwqq-6vq7-5j86
2
reference_url https://github.com/langchain-ai/langchain/commit/8ba9835b925473655914f63822775679e03ea137
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/8ba9835b925473655914f63822775679e03ea137
3
reference_url https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e
4
reference_url https://github.com/langchain-ai/langchain/commits/v0.0.236?after=4d8b48bdb3f17c764c5c2e3c7140071603869e74+34&branch=v0.0.236&qualified_name=refs%2Ftags%2Fv0.0.236
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commits/v0.0.236?after=4d8b48bdb3f17c764c5c2e3c7140071603869e74+34&branch=v0.0.236&qualified_name=refs%2Ftags%2Fv0.0.236
5
reference_url https://github.com/langchain-ai/langchain/pull/6003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/6003
6
reference_url https://github.com/langchain-ai/langchain/pull/7870
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/7870
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-138.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-138.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36095
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36095
9
reference_url https://github.com/langchain-ai/langchain/issues/5872
reference_id 5872
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-17T14:46:57Z/
url https://github.com/langchain-ai/langchain/issues/5872
10
reference_url https://github.com/hwchase17/langchain
reference_id langchain
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-17T14:46:57Z/
url https://github.com/hwchase17/langchain
11
reference_url http://langchain.com
reference_id langchain.com
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-17T14:46:57Z/
url http://langchain.com
fixed_packages
0
url pkg:pypi/langchain@0.0.236
purl pkg:pypi/langchain@0.0.236
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1618-rc62-rke9
1
vulnerability VCID-2rhm-rh9f-13b7
2
vulnerability VCID-449d-vdfh-x7fd
3
vulnerability VCID-8jk9-a8mt-mke3
4
vulnerability VCID-9879-hp1u-47ds
5
vulnerability VCID-9jxh-pfnm-w7gk
6
vulnerability VCID-9yh8-14yh-abhr
7
vulnerability VCID-cx6s-pyn2-cqcj
8
vulnerability VCID-d5qc-zvmu-rkde
9
vulnerability VCID-dg53-vte1-zyfy
10
vulnerability VCID-enm9-kr4g-hbbz
11
vulnerability VCID-hxnj-z9jr-kue7
12
vulnerability VCID-jpa5-z25b-u3d3
13
vulnerability VCID-n4zy-w2mg-f3hx
14
vulnerability VCID-qvyx-jcxw-sbdh
15
vulnerability VCID-s4wf-9m6c-8yay
16
vulnerability VCID-tvj5-fy4j-yqar
17
vulnerability VCID-uhwf-4hp8-63gv
18
vulnerability VCID-zh5c-9jvd-jfhz
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.236
aliases CVE-2023-36095, GHSA-gwqq-6vq7-5j86, PYSEC-2023-138
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vrea-ew6n-vyf9
23
url VCID-zh5c-9jvd-jfhz
vulnerability_id VCID-zh5c-9jvd-jfhz
summary An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38860
reference_id
reference_type
scores
0
value 0.01824
scoring_system epss
scoring_elements 0.83292
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38860
1
reference_url https://github.com/advisories/GHSA-fj32-q626-pjjc
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fj32-q626-pjjc
2
reference_url https://github.com/langchain-ai/langchain/commit/d353d668e4b0514122a443cef91de7f76fea4245
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/d353d668e4b0514122a443cef91de7f76fea4245
3
reference_url https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/fab24457bcf8ede882abd11419769c92bc4e7751
4
reference_url https://github.com/langchain-ai/langchain/issues/7641
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/issues/7641
5
reference_url https://github.com/langchain-ai/langchain/pull/8092
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/8092
6
reference_url https://github.com/langchain-ai/langchain/pull/8425
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/pull/8425
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-145.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2023-145.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38860
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38860
9
reference_url https://github.com/hwchase17/langchain/issues/7641
reference_id 7641
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-09T13:16:43Z/
url https://github.com/hwchase17/langchain/issues/7641
fixed_packages
0
url pkg:pypi/langchain@0.0.247
purl pkg:pypi/langchain@0.0.247
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1618-rc62-rke9
1
vulnerability VCID-2rhm-rh9f-13b7
2
vulnerability VCID-449d-vdfh-x7fd
3
vulnerability VCID-9879-hp1u-47ds
4
vulnerability VCID-9jxh-pfnm-w7gk
5
vulnerability VCID-cx6s-pyn2-cqcj
6
vulnerability VCID-d5qc-zvmu-rkde
7
vulnerability VCID-enm9-kr4g-hbbz
8
vulnerability VCID-hxnj-z9jr-kue7
9
vulnerability VCID-qvyx-jcxw-sbdh
10
vulnerability VCID-s4wf-9m6c-8yay
11
vulnerability VCID-tvj5-fy4j-yqar
12
vulnerability VCID-uhwf-4hp8-63gv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.247
aliases CVE-2023-38860, GHSA-fj32-q626-pjjc, PYSEC-2023-145
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zh5c-9jvd-jfhz
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain@0.0.45