Langchain Security Vulnerabilities (CVEs)
Track 26 security vulnerabilities affecting Langchain products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows attackers to inject malicious serialized objects into LangChain applications by exploiting improper escaping of user-control...
Dec 23, 2025

A serialization injection vulnerability in LangChain's dumps() and dumpd() functions allows attackers to inject malicious data that gets treated as le...
Dec 23, 2025

This Server-Side Request Forgery (SSRF) vulnerability in langchain-community's RequestsToolkit allows attackers to make unauthorized requests to inter...
Jun 23, 2025

This vulnerability allows SQL injection through prompt injection in langchain-ai/langchain's GraphCypherQAChain class. Attackers can manipulate databa...
Oct 29, 2024

A prompt injection vulnerability in langchain-ai/langchainjs GraphCypherQAChain class allows attackers to inject SQL commands through manipulated prom...
Oct 29, 2024

CVE-2024-46946 is a critical remote code execution vulnerability in LangChain Experimental's LLMSymbolicMathChain component. Attackers can execute arb...
Sep 19, 2024

This vulnerability allows arbitrary Python code execution in langchain-experimental when using VectorSQLDatabaseChain. Attackers who can control input...
Jul 15, 2024

This vulnerability in langchain_experimental (LangChain Experimental) allows arbitrary Python code execution via REPL access without requiring explici...
Jun 16, 2024

This Server-Side Request Forgery (SSRF) vulnerability in langchain's Web Research Retriever allows attackers to make the server send requests to inter...
Jun 6, 2024

This CVE describes a Denial-of-Service vulnerability in LangChain's SitemapLoader class where the parse_sitemap method can enter infinite recursion if...
Jun 6, 2024

This vulnerability allows attackers to bypass previous security fixes in LangChain Experimental and execute arbitrary Python code via specific attribu...
Feb 26, 2024

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in LangChain's RecursiveUrlLoader where an attacker controlling the initial craw...
Feb 26, 2024

This vulnerability in Langchain allows attackers to inject malicious prompts that force the service to retrieve data from arbitrary URLs, enabling ser...
Oct 20, 2023

This Server-Side Request Forgery (SSRF) vulnerability in LangChain allows attackers to make the application send requests from external servers to int...
Oct 19, 2023

This vulnerability in LangChain Experimental allows attackers to bypass previous security fixes and execute arbitrary Python code via __import__ state...
Oct 9, 2023

This vulnerability allows remote attackers to execute arbitrary code through the evaluate function in LangChain's numexpr library integration. It affe...
Sep 1, 2023

This vulnerability in LangChain versions before 0.0.312 allows remote attackers to execute arbitrary code by loading a malicious JSON file containing ...
Aug 22, 2023

This vulnerability in LangChain allows remote attackers to execute arbitrary code through the from_math_prompt and from_colored_object_prompt function...
Aug 15, 2023

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of LangChain. Attackers can exploit the Py...
Aug 15, 2023

This vulnerability in LangChain allows remote attackers to execute arbitrary code by manipulating the prompt parameter. It affects all systems running...
Aug 15, 2023

This vulnerability in LangChain version 0.0.194 allows remote code execution through unsafe Python exec() calls in PALChain functions. Attackers can e...
Aug 5, 2023

This vulnerability in LangChain version 0.0.64 allows remote attackers to execute arbitrary Python code through the PALChain parameter. Attackers can ...
Jul 6, 2023

This vulnerability in LangChain allows attackers to execute arbitrary Python code through malicious inputs containing os.system, exec, or eval functio...
Jul 3, 2023

Langchain 0.0.171 contains a vulnerability in the load_prompt function that allows arbitrary code execution when loading malicious prompt files. This ...
Jun 20, 2023

Langchain versions before 0.0.225 contain a remote code execution vulnerability in the JiraAPIWrapper component. Attackers can execute arbitrary code ...
Jun 14, 2023

This vulnerability in LangChain's LLMMathChain allows attackers to inject malicious prompts that execute arbitrary Python code via the exec() method. ...
Apr 5, 2023

Why Monitor Langchain Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 26+ known vulnerabilities affecting Langchain products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Langchain packages in under 60 seconds. No agents required - completely agentless scanning that works across Langchain deployments.
Free vulnerability database: Access detailed information about every Langchain CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.