Known Vulnerabilities for products from Langchain
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Langchain".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-55443 json | Not Provided | 2026-06-22 | 2026-06-22 | |
| CVE-2026-48776 json | LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Pyt... | Not Provided | 2026-06-17 | 2026-06-26 |
| CVE-2026-48775 json | LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via a... | Not Provided | 2026-06-16 | 2026-06-24 |
| CVE-2026-45401 json | Not Provided | 2026-05-15 | 2026-05-18 | |
| CVE-2026-45134 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2026-44843 json | LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains olde... | Not Provided | 2026-05-26 | 2026-05-29 |
| CVE-2026-41488 json | LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size()... | Not Provided | 2026-04-24 | 2026-04-28 |
| CVE-2026-41481 json | Not Provided | 2026-04-24 | 2026-06-30 | |
| CVE-2026-40190 json | LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/Ty... | Not Provided | 2026-04-10 | 2026-07-07 |
| CVE-2026-40087 json | LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string p... | Not Provided | 2026-04-09 | 2026-04-16 |
| CVE-2026-34070 json | LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in lan... | Not Provided | 2026-03-31 | 2026-07-10 |
| CVE-2026-28277 json | LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via a... | Not Provided | 2026-03-05 | 2026-04-21 |
| CVE-2026-27795 json | LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request ... | Not Provided | 2026-02-25 | 2026-04-13 |
| CVE-2026-14742 json | Not Provided | 2026-07-05 | 2026-07-06 | |
| CVE-2026-14630 json | Not Provided | 2026-07-04 | 2026-07-06 | |
| CVE-2026-7847 json | Not Provided | 2026-05-05 | 2026-05-05 | |
| CVE-2023-46229 json | LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an extern... | 8.8 - HIGH | 2023-10-19 | 2023-10-25 |
| CVE-2023-44467 json | langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain... | 9.8 - CRITICAL | 2023-10-09 | 2023-10-12 |
| CVE-2023-39659 json | An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted scri... | 9.8 - CRITICAL | 2023-08-15 | 2023-08-22 |
| CVE-2023-39631 json | An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in t... | 9.8 - CRITICAL | 2023-09-01 | 2023-09-06 |