Vulnerabilidades em langchain-ai
39 resultadosCVE-2025-2828HIGHSSRF Vulnerability in RequestsToolkit in langchain-ai/langchainEPSS 14.1%CVE-2025-68664CRITICALLangChain serialization injection vulnerability enables secret extraction in dumps/loads APIsEPSS 13.8%CVE-2024-8309MEDIUMSQL Injection in langchain-ai/langchainEPSS 13.8%CVE-2026-28277MEDIUMLangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loadingEPSS 5.2%CVE-2026-27022MEDIUMRediSearch Query Injection in @langchain/langgraph-checkpoint-redisEPSS 3.7%CVE-2025-67644HIGHLangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list methodEPSS 2.1%CVE-2024-3571MEDIUMPath Traversal in langchain-ai/langchainEPSS 1.9%CVE-2025-6984HIGHSensitive Information Disclosure Due to Insecure XML Parsing in langchain-ai/langchainEPSS 1.5%CVE-2026-34070HIGHLangChain Core has Path Traversal vulnerabilites in legacy `load_prompt` functionsEPSS 1.1%CVE-2025-64439HIGHLangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializerEPSS 0.8%CVE-2024-1455MEDIUMBillion Laughs Attack leading to DoS in langchain-ai/langchainEPSS 0.8%CVE-2025-68665HIGHLangChain serialization injection vulnerability enables secret extractionEPSS 0.7%CVE-2026-27794MEDIUMLangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code ExecutionEPSS 0.7%CVE-2024-3095MEDIUMSSRF in Langchain Web Research Retriever in langchain-ai/langchainEPSS 0.7%CVE-2025-6985HIGHXXE Vulnerability in langchain-ai/langchainEPSS 0.6%CVE-2024-7774MEDIUMPath Traversal in langchain-ai/langchainjsEPSS 0.5%CVE-2024-0243LOWServer-side Request Forgery In Recursive URL LoaderEPSS 0.5%CVE-2025-65106HIGHLangChain Vulnerable to Template Injection via Attribute Access in Prompt TemplatesEPSS 0.5%CVE-2026-44843HIGHLangChain: Unsafe deserialization of attacker-controlled LangChain objects through overly broad `load()` allowlistsEPSS 0.4%CVE-2026-26013LOWLangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messagesEPSS 0.4%