Known Vulnerabilities for products from Langchain
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Langchain".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40087 | LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string p... | Not Provided | 2026-04-09 | 2026-04-16 |
| CVE-2026-34070 | LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in lan... | Not Provided | 2026-03-31 | 2026-04-02 |
| CVE-2026-30617 | | Not Provided | 2026-04-15 | 2026-04-15 |
| CVE-2026-28277 | LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via a... | Not Provided | 2026-03-05 | 2026-04-21 |
| CVE-2026-27795 | LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request ... | Not Provided | 2026-02-25 | 2026-04-13 |
| CVE-2023-46229 | LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an extern... | 8.8 - HIGH | 2023-10-19 | 2023-10-25 |
| CVE-2023-44467 | langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain... | 9.8 - CRITICAL | 2023-10-09 | 2023-10-12 |
| CVE-2023-39659 | An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted scri... | 9.8 - CRITICAL | 2023-08-15 | 2023-08-22 |
| CVE-2023-39631 | An issue in LangChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in t... | 9.8 - CRITICAL | 2023-09-01 | 2023-09-06 |
| CVE-2023-38896 | An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_mat... | 9.8 - CRITICAL | 2023-08-15 | 2023-08-22 |
| CVE-2023-38860 | An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. | 9.8 - CRITICAL | 2023-08-15 | 2023-08-22 |
| CVE-2023-36281 | An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a json file to the load_pr... | 9.8 - CRITICAL | 2023-08-22 | 2023-11-17 |
| CVE-2023-36258 | An issue in langchain v.0.0.199 allows an attacker to execute arbitrary code via the PALChain in the python exec method. | 9.8 - CRITICAL | 2023-07-03 | 2023-07-10 |
| CVE-2023-36189 | SQL injection vulnerability in langchain v.0.0.64 allows a remote attacker to obtain sensitive information via the SQLDatabas... | 7.5 - HIGH | 2023-07-06 | 2023-12-06 |
| CVE-2023-36188 | An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python ex... | 9.8 - CRITICAL | 2023-07-06 | 2023-07-12 |
| CVE-2023-36095 | An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the ... | 9.8 - CRITICAL | 2023-08-05 | 2023-08-14 |
| CVE-2023-34541 | Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt. | 9.8 - CRITICAL | 2023-06-20 | 2023-08-29 |
| CVE-2023-34540 | Langchain 0.0.171 is vulnerable to Arbitrary Code Execution. | 9.8 - CRITICAL | 2023-06-14 | 2024-03-13 |
| CVE-2023-32786 | In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL... | 7.5 - HIGH | 2023-10-20 | 2023-10-27 |
| CVE-2023-32785 | In Langchain through 0.0.155, prompt injection allows execution of arbitrary code against the SQL service provided by the cha... | 9.8 - CRITICAL | 2023-10-20 | 2023-10-27 |