pip/langchain-core
LangChain: Unsafe deserialization of attacker-controlled LangChain objects through overly broad `load()` allowlists

Risk 57
Severity
8.2
First published (updated )

pypi/langchain-openai
langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding

Risk 17
Severity
3.1
First published (updated )

pypi/langchain-text-splitters
LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass

Risk 37
Severity
6.5
First published (updated )

pip/langchain-core
LangChain has incomplete f-string validation in prompt templates

Risk 27
Severity
5.3
First published (updated )

pip/langchain-core
LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions

Risk 43
Severity
7.5
First published (updated )

pypi/langgraph
LangGraph: Unsafe msgpack deserialization in LangGraph checkpoint loading

Risk 49
Severity
7.2
EPSS
0.03%
First published (updated )

helm/langchain-ai/helm
LangSmith Studio has URL Parameter Injection Vulnerability that Enables Token Theft via Malicious baseUrl

Risk 64
Severity
8.5
First published (updated )

npm/@langchain/community
LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader

Risk 30
Severity
7.4
EPSS
0.03%
First published (updated )

npm/@langchain/community
@langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation

Risk 16
Severity
4.1
EPSS
0.01%
First published (updated )

pypi/langchain
LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages

Risk 15
Severity
3.7
EPSS
0.01%
First published (updated )

pypi/langchain
LangChain <= 0.3.1 MRKLOutputParser ReDoS

Risk 47
Severity
8.7
First published (updated )

npm/langchain
LangChain serialization injection vulnerability enables secret extraction

Risk 66
Severity
9.1
First published (updated )

pip/langchain-core
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs

Risk 70
Severity
9.3
First published (updated )

pip/langgraph-checkpoint-sqlite
LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method

Risk 69
Severity
7.8
First published (updated )

Langchain langgraph-checkpoint-sqlite
SQL Injection in langchain-ai/langchain

Risk 47
Severity
7.3
First published (updated )

Langchain langchain-text-splitters
XXE Vulnerability in langchain-ai/langchain

Risk 43
Severity
7.5
First published (updated )

Langchain ChatGLM-Webui
Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view an…

Risk 86
Severity
9.8
First published (updated )

Langchain langchain-ai
Code Injection

Risk 86
Severity
9.8
First published (updated )

langchain-ai langchain
SSRF Vulnerability in RequestsToolkit in langchain-ai/langchain

Risk 91
Severity
10
First published (updated )

pip/langchain-community
SQL Injection in langchain-ai/langchain

Risk 89
Severity
9.8
First published (updated )

npm/@langchain/community
Prompt Injection in langchain-ai/langchainjs Leading to SQL Injection

Risk 89
Severity
9.8
First published (updated )

npm/langchain
Path Traversal in langchain-ai/langchainjs

Risk 69
Severity
9.1
First published (updated )

pip/langchain-experimental
Input Validation

Risk 89
Severity
9.8
First published (updated )

pip/langchain-community
Deserialization of Untrusted Data in langchain-ai/langchain

Risk 71
Severity
7.8
First published (updated )

pip/langchain-experimental
Code Injection

Risk 76
Severity
8.6
First published (updated )

pip/langchain-experimental
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL…

Risk 71
Severity
7.8
First published (updated )

pip/langchain
Denial-of-Service in langchain-community SitemapLoader

Risk 29
Severity
4.7
First published (updated )

pip/langchain-community
SSRF in Langchain Web Research Retriever in langchain-ai/langchain

Risk 45
Severity
7.7
First published (updated )

pip/langchain
Path Traversal in langchain-ai/langchain

Risk 58
Severity
8.8
EPSS
0.04%
First published (updated )

pip/langchain-core
Billion Laughs Attack leading to DoS in langchain-ai/langchain

Risk 37
Severity
5.9
First published (updated )

© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203