LangChain Vulnerabilities

pip LLM Frameworks
Risk Score: 77
Total CVEs: 52
Critical: 23
Ecosystem: pip
Last CVE: May 13, 2026
Patch Rate: 21%
Avg Time to Patch: 183d
136,905 stars, 22,646 forks, 582 issues, 2,640 dependents. Last push May 17, 2026
OpenSSF Scorecard 6.4/10

Known Vulnerabilities (52 total, page 1 of 3)

| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| HIGH | CVE-2026-45134 | LangSmith: prompt deserialization enables SSRF + data leak | 7.1 | May 13, 2026 |
| HIGH | CVE-2026-44843 | LangChain: deserialization poisons LLM chat history | 8.2 | May 8, 2026 |
| LOW | CVE-2026-7847 | Langchain-Chatchat: predictable file IDs leak uploaded files | 2.6 | May 5, 2026 |
| LOW | CVE-2026-7846 | Langchain-Chatchat: TOCTOU race allows silent file overwrite | 2.6 | May 5, 2026 |
| LOW | CVE-2026-7845 | Langchain-Chatchat: weak image hash allows integrity bypass | 2.6 | May 5, 2026 |
| LOW | CVE-2026-41488 | langchain-openai: SSRF via DNS rebinding in image token counter | 3.1 | Apr 24, 2026 |
| MEDIUM | CVE-2026-41481 | LangChain: SSRF redirect bypass exposes internal endpoints | 6.5 | Apr 24, 2026 |
| MEDIUM | GHSA-fv5p-p927-qmxr | langchain-text-splitters: SSRF bypass exposes cloud metadata | 6.5 | Apr 16, 2026 |
| MEDIUM | CVE-2026-40190 | langsmith: prototype pollution enables auth bypass, RCE | 5.6 | Apr 10, 2026 |
| MEDIUM | CVE-2026-40087 | LangChain: template injection leaks object attributes | 5.3 | Apr 9, 2026 |
| MEDIUM | CVE-2024-2965 | langchain-community: DoS via recursive sitemap loop | 4.2 | Jun 6, 2024 |
| CRITICAL | CVE-2023-32785 | LangChain: prompt injection → SQL RCE (CVSS 9.8) | 9.8 | Oct 21, 2023 |
| HIGH | CVE-2026-25750 | langsmith: security flaw enables exploitation | 8.1 | Mar 4, 2026 |
| MEDIUM | CVE-2026-26019 | langchain_community: SSRF allows internal network access | 4.1 | Feb 11, 2026 |
| LOW | CVE-2026-26013 | langchain-core: SSRF allows internal network access | 3.7 | Feb 10, 2026 |
| HIGH | CVE-2024-58340 | langchain: security flaw enables exploitation | 7.5 | Jan 12, 2026 |
| CRITICAL | CVE-2025-68665 | langchain.js: Deserialization enables RCE | 9.1 | Dec 23, 2025 |
| HIGH | CVE-2025-68664 | langchain-core: Deserialization enables RCE | 8.2 | Dec 23, 2025 |
| HIGH | CVE-2025-6985 | langchain-text-splitters: XXE enables arbitrary file read | 7.5 | Oct 6, 2025 |
| CRITICAL | CVE-2025-45150 | ChatGLM-Webui: arbitrary file read, no auth required | 9.8 | Aug 1, 2025 |
| HIGH | CVE-2025-6855 | Langchain-Chatchat: path traversal exposes system files | 8.8 | Jun 29, 2025 |
| MEDIUM | CVE-2025-6854 | Langchain-Chatchat: path traversal in file API exposes host FS | 4.3 | Jun 29, 2025 |
| CRITICAL | CVE-2025-6853 | Langchain-Chatchat: path traversal in KB upload | 9.8 | Jun 29, 2025 |
| CRITICAL | CVE-2025-2828 | LangChain RequestsToolkit: SSRF exposes cloud metadata | 10.0 | Jun 23, 2025 |
| CRITICAL | CVE-2024-8309 | LangChain GraphCypher: prompt injection enables DB wipe | 9.8 | Oct 29, 2024 |

Showing 1–25 of 52
