LangChain Vulnerabilities

pip LLM Frameworks
Risk Score: 77
Total CVEs: 52
Critical: 23
Ecosystem: pip
Last CVE: May 13, 2026
Patch Rate: 21%
Avg Time to Patch: 183d
136,905 stars, 22,646 forks, 582 issues, 2,640 dependents. Last push: May 17, 2026
OpenSSF Scorecard 6.4/10

Known Vulnerabilities (52 total, page 2 of 3)

| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| CRITICAL | CVE-2024-7774 | LangChain.js: path traversal, arbitrary file read/write | 9.1 | Oct 29, 2024 |
| CRITICAL | CVE-2024-7042 | LangChainJS: prompt injection enables full graph DB takeover | 9.8 | Oct 29, 2024 |
| CRITICAL | CVE-2024-46946 | LangChain-Experimental: RCE via eval in math chain | 9.8 | Sep 19, 2024 |
| HIGH | CVE-2024-5998 | LangChain: RCE via FAISS pickle deserialization | 7.8 | Sep 17, 2024 |
| HIGH | CVE-2024-21513 | langchain-experimental: RCE via eval() in VectorSQL chain | 8.5 | Jul 15, 2024 |
| HIGH | CVE-2024-38459 | LangChain: Python REPL code execution without opt-in | 7.8 | Jun 16, 2024 |
| HIGH | CVE-2024-3095 | LangChain: SSRF in Web Retriever exposes cloud metadata | 7.7 | Jun 6, 2024 |
| HIGH | CVE-2024-3571 | LangChain: path traversal allows arbitrary file R/W | 8.8 | Apr 16, 2024 |
| MEDIUM | CVE-2024-1455 | LangChain: Billion Laughs XML expansion causes DoS | 5.9 | Mar 26, 2024 |
| HIGH | CVE-2024-28088 | LangChain: path traversal enables RCE and API key theft | 8.1 | Mar 4, 2024 |
| CRITICAL | CVE-2024-2057 | LangChain TFIDFRetriever: SSRF/RCE via load_local | 9.8 | Mar 1, 2024 |
| CRITICAL | CVE-2024-27444 | LangChain Experimental: RCE via Python sandbox escape | 9.8 | Feb 26, 2024 |
| HIGH | CVE-2023-32786 | LangChain: prompt injection triggers SSRF via URL fetch | 7.5 | Oct 20, 2023 |
| HIGH | CVE-2023-46229 | LangChain: SSRF in URL loader exposes internal network | 8.8 | Oct 19, 2023 |
| CRITICAL | CVE-2023-44467 | LangChain: RCE bypass via __import__ in PAL chain | 9.8 | Oct 9, 2023 |
| CRITICAL | CVE-2023-39631 | LangChain: RCE via numexpr evaluate injection | 9.8 | Sep 1, 2023 |
| CRITICAL | CVE-2023-36281 | LangChain: RCE via malicious JSON prompt template | 9.8 | Aug 22, 2023 |
| CRITICAL | CVE-2023-39659 | LangChain: RCE via unsanitized PythonAstREPL input | 9.8 | Aug 15, 2023 |
| CRITICAL | CVE-2023-38896 | LangChain: RCE via unsandboxed LLM code execution | 9.8 | Aug 15, 2023 |
| CRITICAL | CVE-2023-38860 | LangChain: RCE via unsanitized prompt parameter | 9.8 | Aug 15, 2023 |
| CRITICAL | CVE-2023-36095 | LangChain PALChain: RCE via unsanitized exec() calls | 9.8 | Aug 5, 2023 |
| HIGH | CVE-2023-36189 | LangChain SQLDatabaseChain: SQL injection, DB exfil | 7.5 | Jul 6, 2023 |
| CRITICAL | CVE-2023-36188 | LangChain: RCE via PALChain unsanitized Python exec | 9.8 | Jul 6, 2023 |
| CRITICAL | CVE-2023-36258 | LangChain: unauthenticated RCE via code injection | 9.8 | Jul 3, 2023 |
| CRITICAL | CVE-2023-34541 | LangChain: RCE via unsafe load_prompt deserialization | 9.8 | Jun 20, 2023 |

Showing 26–50 of 52
