LangChain has incomplete f-string validation in prompt templates

CVSS 5.3 langchain-core

LangChain Text Splitters: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass

CVSS 6.5 langchain-text-splitters
CVE MEDIUM CVE-2026-55443

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine

CVSS 5.1 langchain
CVE MEDIUM CVE-2026-41481

LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.split_text_from_url() validated the initial URL using validate_safe

CVSS 6.5 langchain
CVE MEDIUM CVE-2026-40087

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some

CVSS 5.3 langchain-core

LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders

CVSS 5.1 langchain-anthropic
CVE MEDIUM CVE-2026-7844

vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list_files/retrieve_file/retrieve_file_content/delete_file of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Compatible File Service. The manipulation results

CVE MEDIUM CVE-2026-26019

LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting

CVSS 4.1 langchain_community
CVE MEDIUM CVE-2025-58177

stored cross-site scripting (XSS) vulnerability in @n8n/n8n-nodes-langchain.chatTrigger. An authorized user can configure the LangChain Chat Trigger node with malicious JavaScript in the initialMessages field and enable public access

CVSS 5.4 n8n
CVE MEDIUM CVE-2025-6854

vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path

CVSS 4.3 langchain-chatchat
CVE MEDIUM CVE-2024-10940

vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability

CVSS 5.3 langchain-core
CVE MEDIUM CVE-2024-2965

Denial of service in langchain-community

CVSS 4.2 langchain
CVE MEDIUM CVE-2024-1455

vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within

CVSS 5.9 langchain
CVE MEDIUM CVE-2026-40190

LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via

CVSS 5.6 langsmith
CVE MEDIUM CVE-2026-28277

LangGraph checkpoint loading has unsafe msgpack deserialization

CVSS 6.8 langgraph