LangChain — Vulnerabilities & Security Advisories 1

Browse all 1 CVE security advisories affecting LangChain. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by LangChain: langchain_community
High · CVE-2024-4843 · 2026-05-27
Unsafe deserialization of attacker-controlled LangChain objects through overly broad `load()` allowlists · Advisory · la
Low · 2026-04-25
Image token counting SSRF protection can be bypassed via DNS rebinding · Advisory · langchain-ai/langchain · GitHub
Medium · 2026-04-25
HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass · Advisory · langchain-ai/langchain · GitHub
High · 2026-04-10
fix(core): sanitize prompts more (#36613) · langchain-ai/langchain@6bab0ba · GitHub
Critical · 2026-04-10
fix(core): add more sanitization to templates (#36612) · langchain-ai/langchain@af2ed47 · GitHub
High · 2026-04-10
fix(core): add more sanitization to templates by eyurtsev · Pull Request #36612 · langchain-ai/langchain · GitHub
Medium · CVE-2024-40087 · 2026-04-10
Incomplete f-string validation in prompt templates · Advisory · langchain-ai/langchain · GitHub
High · 2026-04-02
Path traversal in legacy `load_prompt` functions in `langchain-core` (CWE-22) · Advisory · langchain-ai/langchain · GitH
Unknown · 2026-04-02
Release langchain-core==1.2.22 · langchain-ai/langchain · GitHub
Medium · CVE-2026-27795 · 2026-02-26
SSRF Bypass in RecursiveUrlLoader via redirect chaining · Advisory · langchain-ai/langchainjs · GitHub
Medium · CVE-2026-27794 · 2026-02-26
ZDI-CAN-28385: LangChain LangGraph BaseCache Deserialization of Untrusted Data Remote Code Execution Vulnerability · Adv
High · 2026-02-21
fix(checkpoint): improve sanitization in Redis and MongoDB filters (#… · langchain-ai/langgraphjs@814c76d · GitHub
High · 2026-02-12
feat(core,community): ssrf hardening by hntrl · Pull Request #9990 · langchain-ai/langchainjs · GitHub
Medium · CVE-2026-26019 · 2026-02-12
SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation · Advisory · langchain-ai/langchainjs · GitHub
High · GHSA-xxxx-xxxx-xxxx · 2025-11-22
Template Injection via Attribute Access in Prompt Templates · Advisory · langchain-ai/langchain · GitHub
High · 2024-10-30
fix(langchain): Fix local file store traversal issue (#6736) · langchain-ai/langchainjs@a0fad77 · GitHub

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with LangChain. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.