📦 LangChain
by LangChain
⚠️ Known Vulnerabilities
This Server-Side Request Forgery (SSRF) vulnerability in langchain-community's RequestsToolkit allows attackers to make unauthorized requests to internal network resources. It affects users of langcha...
This vulnerability allows SQL injection through prompt injection in langchain-ai/langchain's GraphCypherQAChain class. Attackers can manipulate database queries to execute unauthorized SQL commands, p...
A prompt injection vulnerability in langchain-ai/langchainjs GraphCypherQAChain class allows attackers to inject SQL commands through manipulated prompts, leading to unauthorized database operations. ...
This vulnerability allows remote attackers to execute arbitrary code through the evaluate function in LangChain's numexpr library integration. It affects LangChain installations using vulnerable versi...
This vulnerability in LangChain versions before 0.0.312 allows remote attackers to execute arbitrary code by loading a malicious JSON file containing specially crafted templates. Any application using...
This vulnerability in LangChain allows remote attackers to execute arbitrary code through the from_math_prompt and from_colored_object_prompt functions. It affects LangChain versions 0.0.194 and earli...
This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of LangChain. Attackers can exploit the PythonAstREPLTool component by sending crafted scrip...
This vulnerability in LangChain allows remote attackers to execute arbitrary code by manipulating the prompt parameter. It affects all systems running vulnerable versions of LangChain, particularly th...
This vulnerability in LangChain version 0.0.194 allows remote code execution through unsafe Python exec() calls in PALChain functions. Attackers can execute arbitrary code on systems running vulnerabl...
This vulnerability in LangChain version 0.0.64 allows remote attackers to execute arbitrary Python code through the PALChain parameter. Attackers can achieve remote code execution (RCE) by exploiting ...
This vulnerability in LangChain allows attackers to execute arbitrary Python code through malicious inputs containing os.system, exec, or eval functions. It affects all systems running vulnerable vers...
LangChain 0.0.171 contains a vulnerability in the load_prompt function that allows arbitrary code execution when loading malicious prompt files. This affects any application using LangChain's prompt l...
LangChain versions before 0.0.225 contain a remote code execution vulnerability in the JiraAPIWrapper component. Attackers can execute arbitrary code by sending crafted input to vulnerable systems. Th...
This vulnerability in LangChain's LLMMathChain allows attackers to inject malicious prompts that execute arbitrary Python code via the exec() method. This affects any application using LangChain versi...
This Server-Side Request Forgery (SSRF) vulnerability in langchain's Web Research Retriever allows attackers to make the server send requests to internal network addresses and cloud metadata services....
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in LangChain's RecursiveUrlLoader where an attacker controlling the initial crawled website can trick the crawler into fetching co...
This vulnerability in LangChain allows attackers to inject malicious prompts that force the service to retrieve data from arbitrary URLs, enabling server-side request forgery (SSRF) attacks. This coul...
This Server-Side Request Forgery (SSRF) vulnerability in LangChain allows attackers to make the application send requests from external servers to internal network resources. It affects any system usi...
This CVE describes a Denial-of-Service vulnerability in LangChain's SitemapLoader class where the parse_sitemap method can enter infinite recursion if a sitemap URL points to itself. This causes Pytho...