AI Threat Alert

Langchain

35 AI/ML vulnerabilities tracked for Langchain.

35

Total CVEs

2

Pages

Page 1 of 2

Current

Severity	CVE	Headline	Package	CVSS
HIGH	CVE-2026-25750	langsmith: security flaw enables exploitation	langsmith	8.1
CRITICAL	CVE-2023-29374	LangChain: RCE via prompt injection in LLMMathChain	langchain	9.8
CRITICAL	CVE-2023-34540	LangChain: RCE via JiraAPIWrapper crafted input	langchain	9.8
CRITICAL	CVE-2023-34541	LangChain: RCE via unsafe load_prompt deserialization	langchain	9.8
CRITICAL	CVE-2023-36258	LangChain: unauthenticated RCE via code injection	langchain	9.8
CRITICAL	CVE-2023-36188	LangChain: RCE via PALChain unsanitized Python exec	langchain	9.8
HIGH	CVE-2023-36189	LangChain SQLDatabaseChain: SQL injection, DB exfil	langchain	7.5
CRITICAL	CVE-2023-36095	LangChain PALChain: RCE via unsanitized exec() calls	langchain	9.8
CRITICAL	CVE-2023-38860	LangChain: RCE via unsanitized prompt parameter	langchain	9.8
CRITICAL	CVE-2023-38896	LangChain: RCE via unsandboxed LLM code execution	langchain	9.8
CRITICAL	CVE-2023-39659	LangChain: RCE via unsanitized PythonAstREPL input	langchain	9.8
CRITICAL	CVE-2023-36281	LangChain: RCE via malicious JSON prompt template	langchain	9.8
CRITICAL	CVE-2023-39631	LangChain: RCE via numexpr evaluate injection	langchain	9.8
CRITICAL	CVE-2023-44467	LangChain: RCE bypass via __import__ in PAL chain	langchain_experimental	9.8
HIGH	CVE-2023-46229	LangChain: SSRF in URL loader exposes internal network	langchain	8.8
HIGH	CVE-2023-32786	LangChain: prompt injection triggers SSRF via URL fetch	langchain	7.5
CRITICAL	CVE-2024-27444	LangChain Experimental: RCE via Python sandbox escape	langchain-experimental	9.8
CRITICAL	CVE-2024-2057	LangChain TFIDFRetriever: SSRF/RCE via load_local	langchain	9.8
HIGH	CVE-2024-28088	LangChain: path traversal enables RCE and API key theft	langchain	8.1
MEDIUM	CVE-2024-1455	LangChain: Billion Laughs XML expansion causes DoS	langchain	5.9

Page 1 of 2