Langchain-Ai Langchain vulnerabilities
12 known vulnerabilities affecting langchain-ai/langchain-ai_langchain.
Total CVEs
12
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH7MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2025-6984P2HIGHCVSS 7.5PoC≥ unspecified, ≤ latest2025-09-04
CVE-2025-6984 [HIGH] CWE-200 CVE-2025-6984: The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The vulnerability arises from the use of etree.iterparse() without disabling external entity references, which can lead to sensitive information disclosure. An attac
nvd
CVE-2025-2828P2CRITICALCVSS 10.0≥ unspecified, < 0.0.282025-06-23
CVE-2025-2828 [CRITICAL] CWE-918 CVE-2025-2828: A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the la
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote in
nvd
CVE-2024-8309P2CRITICALCVSS 9.8≥ unspecified, < 0.3.02024-10-29
CVE-2024-8309 [CRITICAL] CWE-89 CVE-2024-8309: A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for S
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers
nvd
CVE-2024-3571P3HIGHCVSS 8.8≥ unspecified, < 0.0.3532024-04-16
CVE-2024-3571 [HIGH] CWE-22 CVE-2024-3571: langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a
langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. The issue l
nvd
CVE-2024-3095P3HIGHCVSS 7.7≥ unspecified, ≤ latest2024-06-06
CVE-2024-3095 [HIGH] CWE-918 CVE-2024-3095: A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This flaw enables attackers to execute port scans, access loc
nvd
CVE-2025-6985P3HIGHCVSS 7.5≥ unspecified, ≤ latest2025-10-06
CVE-2025-6985 [HIGH] CWE-611 CVE-2025-6985: The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML Externa
The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse() and lxml.etree.XSLT() without any hardening measures. In lxml versions u
nvd
CVE-2025-8709P3HIGHCVSS 7.3≥ unspecified, ≤ latest2025-10-26
CVE-2025-8709 [HIGH] CWE-89 CVE-2025-8709: A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the L
A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators ($eq, $ne, $gt, $lt, $gte, $lte) where direct string concatenation is used without prope
nvd
CVE-2024-0243P3HIGHCVSS 8.1≥ unspecified, < 0.1.02024-02-26
CVE-2024-0243 [HIGH] CWE-918 CVE-2024-0243: With the following crawler configuration: ```python from bs4 import BeautifulSoup as Soup url = "h
With the following crawler configuration:
```python
from bs4 import BeautifulSoup as Soup
url = "https://example.com"
loader = RecursiveUrlLoader(
url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text
)
docs = loader.load()
```
An attacker in control of the contents of `https://example.com` could place a malicious HTML file in there wit
nvd
CVE-2024-5998P3HIGHCVSS 7.8≥ unspecified, < 0.2.92024-09-17
CVE-2024-5998 [HIGH] CWE-502 CVE-2024-5998: A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pi
A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product.
nvd
CVE-2024-10940P4MEDIUMCVSS 5.3≥ unspecified, < 0.3.152025-03-20
CVE-2024-10940 [MEDIUM] CWE-497 CVE-2024-10940: A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 al
A vulnerability in langchain-core versions >=0.1.17,=0.2.0,=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate's (and by extension langchain_core.prompts.ChatPromptTemplate's) with input variables that can read any user-spec
nvd
CVE-2024-1455P4MEDIUMCVSS 5.9≥ unspecified, < 0.1.352024-03-26
CVE-2024-1455 [MEDIUM] CWE-776 CVE-2024-1455: A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type
A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading to a denial of service (DoS).
nvd
CVE-2024-2965P4MEDIUMCVSS 4.7≥ unspecified, < 0.2.52024-06-06
CVE-2024-2965 [MEDIUM] CWE-674 CVE-2024-2965: A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/lan
A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows
nvd