Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/langchain-community@0.3.0.dev2
Typepypi
Namespace
Namelangchain-community
Version0.3.0.dev2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.3.27
Latest_non_vulnerable_version0.3.27
Affected_by_vulnerabilities
0
url VCID-6mst-ajvk-j7gd
vulnerability_id VCID-6mst-ajvk-j7gd
summary The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The vulnerability arises from the use of etree.iterparse() without disabling external entity references, which can lead to sensitive information disclosure. An attacker could exploit this by crafting a malicious XML payload that references local files, potentially exposing sensitive data such as /etc/passwd.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6984.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6984.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-6984
reference_id
reference_type
scores
0
value 0.01922
scoring_system epss
scoring_elements 0.83806
published_at 2026-06-12T12:55:00Z
1
value 0.01922
scoring_system epss
scoring_elements 0.83748
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-6984
2
reference_url https://github.com/langchain-ai/langchain/blob/d79b5813a0b3b243c612b77013768995e46c4337/libs/langchain/langchain/document_loaders/evernote.py#L1-L23
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/blob/d79b5813a0b3b243c612b77013768995e46c4337/libs/langchain/langchain/document_loaders/evernote.py#L1-L23
3
reference_url https://github.com/langchain-ai/langchain-community
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain-community
4
reference_url https://github.com/langchain-ai/langchain-community/commit/e842452108089524e22c3a2ced851c021884556f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain-community/commit/e842452108089524e22c3a2ced851c021884556f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6984
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6984
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2393073
reference_id 2393073
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2393073
7
reference_url https://huntr.com/bounties/a6b521cf-258c-41c0-9edb-d8ef976abb2a
reference_id a6b521cf-258c-41c0-9edb-d8ef976abb2a
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T20:07:23Z/
url https://huntr.com/bounties/a6b521cf-258c-41c0-9edb-d8ef976abb2a
8
reference_url https://github.com/advisories/GHSA-pc6w-59fv-rh23
reference_id GHSA-pc6w-59fv-rh23
reference_type
scores
url https://github.com/advisories/GHSA-pc6w-59fv-rh23
9
reference_url https://access.redhat.com/errata/RHSA-2025:16514
reference_id RHSA-2025:16514
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16514
fixed_packages
0
url pkg:pypi/langchain-community@0.3.27
purl pkg:pypi/langchain-community@0.3.27
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-community@0.3.27
aliases CVE-2025-6984, GHSA-pc6w-59fv-rh23
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6mst-ajvk-j7gd
1
url VCID-hxnj-z9jr-kue7
vulnerability_id VCID-hxnj-z9jr-kue7
summary A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8309.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8309.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8309
reference_id
reference_type
scores
0
value 0.02002
scoring_system epss
scoring_elements 0.84101
published_at 2026-06-12T12:55:00Z
1
value 0.02002
scoring_system epss
scoring_elements 0.84044
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8309
2
reference_url https://github.com/advisories/GHSA-45pg-36p6-83v9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/advisories/GHSA-45pg-36p6-83v9
3
reference_url https://github.com/langchain-ai/langchain/commit/64c317eba05fbac0c6a6fc5aa192bc0d7130972e
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/langchain-ai/langchain/commit/64c317eba05fbac0c6a6fc5aa192bc0d7130972e
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-115.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/langchain/PYSEC-2024-115.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8309
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8309
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2322452
reference_id 2322452
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2322452
7
reference_url https://huntr.com/bounties/8f4ad910-7fdc-4089-8f0a-b5df5f32e7c5
reference_id 8f4ad910-7fdc-4089-8f0a-b5df5f32e7c5
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-29T13:50:16Z/
url https://huntr.com/bounties/8f4ad910-7fdc-4089-8f0a-b5df5f32e7c5
8
reference_url https://github.com/langchain-ai/langchain/commit/c2a3021bb0c5f54649d380b42a0684ca5778c255
reference_id c2a3021bb0c5f54649d380b42a0684ca5778c255
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-29T13:50:16Z/
url https://github.com/langchain-ai/langchain/commit/c2a3021bb0c5f54649d380b42a0684ca5778c255
fixed_packages
0
url pkg:pypi/langchain-community@0.3.0
purl pkg:pypi/langchain-community@0.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mst-ajvk-j7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langchain-community@0.3.0
aliases CVE-2024-8309, GHSA-45pg-36p6-83v9, PYSEC-2024-115
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hxnj-z9jr-kue7
Fixing_vulnerabilities
Risk_score4.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/langchain-community@0.3.0.dev2