LangChain

pip LLM Frameworks
Total CVEs: 54
Critical: 31
Ecosystem: pip
Last CVE: Mar 4, 2026

Known Vulnerabilities (30+ shown)

Severity | CVE ID | Summary | CVSS | Published
MEDIUM | CVE-2024-2965 | langchain-community: DoS via recursive sitemap loop | 4.2 | Jun 6, 2024
CRITICAL | CVE-2023-32785 | LangChain: prompt injection → SQL RCE (CVSS 9.8) | 9.8 | Oct 21, 2023
HIGH | CVE-2026-25750 | langsmith: security flaw enables exploitation | 8.1 | Mar 4, 2026
HIGH | CVE-2026-25750 | langsmith: security flaw enables exploitation | 8.1 | Mar 4, 2026
HIGH | CVE-2026-25750 | langsmith: security flaw enables exploitation | 8.1 | Mar 4, 2026
HIGH | CVE-2026-25750 | langsmith: security flaw enables exploitation | 8.1 | Mar 4, 2026
MEDIUM | CVE-2026-26019 | langchain_community: SSRF allows internal network access | 4.1 | Feb 11, 2026
LOW | CVE-2026-26013 | langchain-core: SSRF allows internal network access | 3.7 | Feb 10, 2026
HIGH | CVE-2024-58340 | langchain: security flaw enables exploitation | 7.5 | Jan 12, 2026
CRITICAL | CVE-2025-68665 | langchain.js: Deserialization enables RCE | 9.1 | Dec 23, 2025
CRITICAL | CVE-2025-68665 | langchain.js: Deserialization enables RCE | 9.1 | Dec 23, 2025
CRITICAL | CVE-2025-68665 | langchain.js: Deserialization enables RCE | 9.1 | Dec 23, 2025
CRITICAL | CVE-2025-68665 | langchain.js: Deserialization enables RCE | 9.1 | Dec 23, 2025
HIGH | CVE-2025-68664 | langchain-core: Deserialization enables RCE | 8.2 | Dec 23, 2025
HIGH | CVE-2025-68664 | langchain-core: Deserialization enables RCE | 8.2 | Dec 23, 2025
CRITICAL | CVE-2025-45150 | ChatGLM-Webui: arbitrary file read, no auth required | 9.8 | Aug 1, 2025
HIGH | CVE-2025-6855 | Langchain-Chatchat: path traversal exposes system files | 8.8 | Jun 29, 2025
MEDIUM | CVE-2025-6854 | Langchain-Chatchat: path traversal in file API exposes host FS | 4.3 | Jun 29, 2025
CRITICAL | CVE-2025-6853 | Langchain-Chatchat: path traversal in KB upload | 9.8 | Jun 29, 2025
CRITICAL | CVE-2025-2828 | LangChain RequestsToolkit: SSRF exposes cloud metadata | 10.0 | Jun 23, 2025
CRITICAL | CVE-2024-8309 | LangChain GraphCypher: prompt injection enables DB wipe | 9.8 | Oct 29, 2024
CRITICAL | CVE-2024-8309 | LangChain GraphCypher: prompt injection enables DB wipe | 9.8 | Oct 29, 2024
CRITICAL | CVE-2024-7774 | LangChain.js: path traversal, arbitrary file read/write | 9.1 | Oct 29, 2024
CRITICAL | CVE-2024-7042 | LangChainJS: prompt injection enables full graph DB takeover | 9.8 | Oct 29, 2024
CRITICAL | CVE-2024-46946 | LangChain-Experimental: RCE via eval in math chain | 9.8 | Sep 19, 2024
HIGH | CVE-2024-5998 | LangChain: RCE via FAISS pickle deserialization | 7.8 | Sep 17, 2024
HIGH | CVE-2024-21513 | langchain-experimental: RCE via eval() in VectorSQL chain | 8.5 | Jul 15, 2024
HIGH | CVE-2024-38459 | LangChain: Python REPL code execution without opt-in | 7.8 | Jun 16, 2024
HIGH | CVE-2024-3095 | LangChain: SSRF in Web Retriever exposes cloud metadata | 7.7 | Jun 6, 2024
HIGH | CVE-2024-3571 | LangChain: path traversal allows arbitrary file R/W | 8.8 | Apr 16, 2024
