Known Vulnerabilities for products from Langchain
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Langchain".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41488 json | Not Provided | 2026-04-24 | 2026-04-27 | |
| CVE-2026-41481 json | Not Provided | 2026-04-24 | 2026-04-25 | |
| CVE-2026-40087 json | LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string p... | Not Provided | 2026-04-09 | 2026-04-16 |
| CVE-2026-34070 json | LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in lan... | Not Provided | 2026-03-31 | 2026-04-02 |
| CVE-2026-30617 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-28277 json | LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via a... | Not Provided | 2026-03-05 | 2026-04-21 |
| CVE-2026-27795 json | Not Provided | 2026-02-25 | 2026-02-25 | |
| CVE-2026-7847 json | Not Provided | 2026-05-05 | 2026-05-05 | |
| CVE-2026-7846 json | Not Provided | 2026-05-05 | 2026-05-05 | |
| CVE-2026-7845 json | Not Provided | 2026-05-05 | 2026-05-05 | |
| CVE-2026-7844 json | Not Provided | 2026-05-05 | 2026-05-05 | |
| CVE-2023-46229 json | LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an extern... | 8.8 - HIGH | 2023-10-19 | 2023-10-25 |
| CVE-2023-44467 json | langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain... | 9.8 - CRITICAL | 2023-10-09 | 2023-10-12 |
| CVE-2023-39659 json | An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted scri... | 9.8 - CRITICAL | 2023-08-15 | 2023-08-22 |
| CVE-2023-39631 json | An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in t... | 9.8 - CRITICAL | 2023-09-01 | 2023-09-06 |
| CVE-2023-38896 json | An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_mat... | 9.8 - CRITICAL | 2023-08-15 | 2023-08-22 |
| CVE-2023-38860 json | An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. | 9.8 - CRITICAL | 2023-08-15 | 2023-08-22 |
| CVE-2023-36281 json | An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via the via the a json file to the load_pr... | 9.8 - CRITICAL | 2023-08-22 | 2023-11-17 |
| CVE-2023-36258 json | An issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method. | 9.8 - CRITICAL | 2023-07-03 | 2023-07-10 |
| CVE-2023-36189 json | SQL injection vulnerability in langchain v.0.0.64 allows a remote attacker to obtain sensitive information via the SQLDatabas... | 7.5 - HIGH | 2023-07-06 | 2023-12-06 |