langchain

40 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
| CVE | Affected versions | CVSS | Severity | Description |
|---|---|---|---|---|
| CVE-2026-41488 | < 1.1.14 | 3.1 | LOW | LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() help |
| CVE-2026-41481 | < 1.1.2 | 6.5 | MEDIUM | LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTex |
| CVE-2026-40087 | < 0.3.84 | 5.3 | MEDIUM | LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt |
| CVE-2026-34070 | < 1.2.22 | 7.5 | HIGH | LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchai |
| CVE-2026-27795 | < 1.1.18 | 4.1 | MEDIUM | LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forge |
| CVE-2026-26019 | < 1.1.14 | 4.1 | MEDIUM | LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langchain/commun |
| CVE-2026-26013 | < 1.2.11 | 3.7 | LOW | LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_mes |
| CVE-2024-58340 | <= 0.3.1 | 7.5 | HIGH | LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutpu |
| CVE-2025-68665 | < 0.3.37 | 8.6 | HIGH | LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to l |
| CVE-2025-68664 | < 0.3.81 | 9.3 | CRITICAL | LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization inj |
| CVE-2025-2828 | < 0.0.28 | 10.0 | CRITICAL | A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (spe |
| CVE-2024-8309 | all versions | 9.8 | CRITICAL | A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt in |
| CVE-2024-7774 | all versions | 9.1 | CRITICAL | A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability al |
| CVE-2024-7042 | < 0.3.1 | 9.8 | CRITICAL | A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows |
| CVE-2024-46946 | >= 0.1.17 and <= 0.3.0 | 9.8 | CRITICAL | langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code |
| CVE-2024-5998 | < 0.2.9 | 7.8 | HIGH | A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrus |
| CVE-2024-21513 | >= 0.0.15 and < 0.0.21 | 8.5 | HIGH | Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retri |
| CVE-2024-38459 | < 0.0.61 | 7.8 | HIGH | langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step |
| CVE-2024-3095 | >= 0.1.5 and < 0.2.9 | 7.7 | HIGH | A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain versio |
| CVE-2024-2965 | < 0.2.5 | 4.7 | MEDIUM | A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting |
| CVE-2024-3571 | all versions | 8.8 | HIGH | langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path T |
| CVE-2024-1455 | >= 0.1.4 and <= 0.1.35 | 5.9 | MEDIUM | A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) e |
| CVE-2024-28088 | < 0.1.12 | 8.1 | HIGH | LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in |
| CVE-2024-2057 | all versions | 6.3 | MEDIUM | A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function lo |
| CVE-2024-27444 | < 0.1.8 | 9.8 | CRITICAL | langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix |
| CVE-2024-0243 | < 0.1.0 | 8.1 | HIGH | With the following crawler configuration: ```python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = R |
| CVE-2023-32786 | <= 0.0.155 | 7.5 | HIGH | In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, ess |
| CVE-2023-46229 | < 0.0.317 | 8.8 | HIGH | LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external se |
| CVE-2023-39631 | all versions | 9.8 | CRITICAL | An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the nu |
| CVE-2023-36281 | all versions | 9.8 | CRITICAL | An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related |
| CVE-2023-39659 | <= 0.0.232 | 9.8 | CRITICAL | An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to |
| CVE-2023-38896 | <= 0.0.194 | 9.8 | CRITICAL | An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_pro |
| CVE-2023-38860 | all versions | 9.8 | CRITICAL | An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. |
| CVE-2023-36095 | all versions | 9.8 | CRITICAL | An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALCh |
| CVE-2023-36189 | all versions | 7.5 | HIGH | SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatab |
| CVE-2023-36188 | all versions | 9.8 | CRITICAL | An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec me |
| CVE-2023-36258 | all versions | 9.8 | CRITICAL | An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eva |
| CVE-2023-34541 | all versions | 9.8 | CRITICAL | Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt. |
| CVE-2023-34540 | all versions | 9.8 | CRITICAL | Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (a |
| CVE-2023-29374 | <= 0.0.131 | 9.8 | CRITICAL | In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Pytho |
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin