Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Security Intel Hub 21+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

Examples: RCE · SSRF · GHSA · log4j
Filter
Clear filters
Low
Image token counting SSRF protection can be bypassed via DNS rebinding · Advisory · langchain-ai/langchain · GitHub
github.com · 2026-04-25
langchain-openai < 1.1.14
Read more
Medium
HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass · Advisory · langchain-ai/langchain · GitHub
github.com · 2026-04-25
langchain-text-splitters < 1.1.2
Read more
Medium
LangSmith SDK Streaming Token Events Bypass Output Redaction
github.com · 2026-04-23
langsmith <=0.5.18 · langsmith <=0.7.30
Read more
High
LangChain Prompt Template Injection Vulnerability Fix
github.com · 2026-04-10
LangChain libs/core < fix(core): sanitize prompts more (#36613) 6bab0ba
Read more
Critical
LangChain langchain-core Prompt Template Attribute Access Vulnerability Leading to RCE and Fix
github.com · 2026-04-10
langchain-core < patched version
Read more
High
LangChain f-string Template Injection Vulnerability Fix Analysis
github.com · 2026-04-10
LangChain langchain-core
Read more
Medium
LangChain CVE-2024-40087: Incomplete f-string Validation Allowing Attribute Access
CVE-2024-40087 · github.com · 2026-04-10
langchain_core <0.3.83 · langchain_core <1.2.28
Read more
High
libxml2 CVE-2024-37465 Heap Buffer Overflow Vulnerability Advisory
CVE-2024-37465 · github.com · 2026-04-02
libxml2 < 2.12.6
Read more
High
LangChain langchain-core Path Traversal Vulnerability (CWE-22) with POC
github.com · 2026-04-02
langchain-core < 1.2.2
Read more
Unknown
LangChain langchain-core Path Validation Fix in prompt/save/load_prompt (v1.2.22)
github.com · 2026-04-02
langchain-core < 1.2.22
Read more
Medium
LangChain @langchain/community SSRF Bypass via Redirect Chaining (CVE-2026-27795) Advisory
CVE-2026-27795 · github.com · 2026-02-26
@langchain/community <= 1.1.17
Read more
Premium intel
Medium
LangGraph BaseCache Deserialization RCE (CVE-2026-27794)
CVE-2026-27794 · github.com · 2026-02-26
langgraph-checkpoint < 4.0.0
Read more
High
Checkpoint library fixes MongoDB and Redis query injection vulnerabilities
github.com · 2026-02-21
langgraphjs
Read more
High
LangChain SSRF Vulnerability Fix: New SSRF Protection Module and RecursiveUrlLoader Hardening
github.com · 2026-02-12
langchainjs @langchain/community RecursiveUrlLoader
Read more
Medium
CVE-2026-26019: SSRF Bypass in Langchain @langchain/community RecursiveUrlLoader
CVE-2026-26019 · github.com · 2026-02-12
@langchain/community <= 1.1.13
Read more
Low
LangChain ChatOpenAI SSRF via image_url token counting
github.com · 2026-02-11
langchain-core==0.3.81
Read more
Medium
LangSmith SDK SSRF via Tracing Header Injection (CVE-2026-25528)
CVE-2026-25528 · github.com · 2026-02-10
Python >=0.4.10,<0.6.3 · JavaScript >=0.3.41,<0.4.6
Read more
High
LangChain langchain-core Template Injection via Attribute Access
GHSA-xxxx-xxxx-xxxx · github.com · 2025-11-22
langchain_core <1.0.6, >=1.0.0 · langchain_core <=0.3.79
Read more
Critical
RCE in langgraph-checkpoint JsonPlusSerializer via Unsafe Deserialization
github.com · 2025-11-09
langgraph-checkpoint < 3.0
Read more
CVSS 7.3
CVE-2025-64104: SQL Injection in LangGraph SQLiteStore
github.com · 2025-10-30

### Key Information #### Vulnerability Overview - **Vulnerability Type**: SQL Injection - **Affected Versions**: <=2.0.10 - **Fixed Version**: 2.0.11 - **CVE ID**: CVE-2025-64104 - **CVSS v3 Base Metr…

Read more

All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.

Want a specific source covered? Email us — we add new feeds weekly.