AI Threat Alert
AI Component
Agent
AI agent frameworks (AutoGPT, CrewAI, LangGraph, etc.) orchestrate LLM-powered autonomous actions. Their tool-use capabilities create unique attack surfaces not present in simple chat interfaces.
293
Total CVEs
15
Pages
Page 3 of 15
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2024-3095 | LangChain: SSRF in Web Retriever exposes cloud metadata | langchain | 7.7 |
| HIGH | CVE-2024-38459 | LangChain: Python REPL code execution without opt-in | langchain-experimental | 7.8 |
| HIGH | CVE-2024-21513 | langchain-experimental: RCE via eval() in VectorSQL chain | langchain-experimental | 8.5 |
| CRITICAL | CVE-2024-46946 | LangChain-Experimental: RCE via eval in math chain | langchain-experimental | 9.8 |
| CRITICAL | CVE-2024-7042 | LangChainJS: prompt injection enables full graph DB takeover | langchain | 9.8 |
| CRITICAL | CVE-2024-7774 | LangChain.js: path traversal, arbitrary file read/write | langchain.js | 9.1 |
| CRITICAL | CVE-2024-8309 | LangChain GraphCypher: prompt injection enables DB wipe | langchain | 9.8 |
| MEDIUM | CVE-2024-10940 | langchain-core: file read via prompt template inputs | langchain-core | 5.3 |
| CRITICAL | CVE-2025-2828 | LangChain RequestsToolkit: SSRF exposes cloud metadata | langchain | 10.0 |
| CRITICAL | CVE-2025-46059 | LangChain GmailToolkit: indirect prompt injection to RCE | 9.8 | |
| CRITICAL | CVE-2025-9556 | langchaingo: Jinja2 SSTI allows host filesystem read | 9.8 | |
| MEDIUM | CVE-2025-58177 | n8n: stored XSS in LangChain chat trigger (public) | n8n | 5.4 |
| HIGH | CVE-2025-6985 | langchain-text-splitters: XXE enables arbitrary file read | langchain-text-splitters | 7.5 |
| HIGH | CVE-2025-8709 | langgraph-checkpoint-sqlite: SQL Injection exposes database | langgraph-checkpoint-sqlite | 7.3 |
| HIGH | CVE-2025-65106 | langchain-core: security flaw enables exploitation | langchain-core | - |
| HIGH | CVE-2025-68664 | langchain-core: Deserialization enables RCE | langchain_core | 8.2 |
| CRITICAL | CVE-2025-68665 | langchain.js: Deserialization enables RCE | langchain.js | 9.1 |
| HIGH | CVE-2024-58340 | langchain: security flaw enables exploitation | langchain | 7.5 |
| LOW | CVE-2026-26013 | langchain-core: SSRF allows internal network access | langchain_core | 3.7 |
| MEDIUM | CVE-2026-26019 | langchain_community: SSRF allows internal network access | langchain_community | 4.1 |