Vulnerabilities > Langchain

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-7042 SQL Injection vulnerability in Langchain
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection.
network
low complexity
langchain CWE-89
critical
9.8
2024-10-29 CVE-2024-7774 Path Traversal vulnerability in Langchain 0.2.5
A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5.
network
low complexity
langchain CWE-22
critical
9.1
2024-10-29 CVE-2024-8309 Injection vulnerability in Langchain 0.2.5
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection.
network
low complexity
langchain CWE-74
critical
9.8
2024-07-15 CVE-2024-21513 Unspecified vulnerability in Langchain Langchain-Experimental
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values.
network
high complexity
langchain
8.5
2024-06-06 CVE-2024-2965 Unspecified vulnerability in Langchain
A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions.
local
high complexity
langchain
4.7
2024-06-06 CVE-2024-3095 Unspecified vulnerability in Langchain
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5.
network
low complexity
langchain
7.7
2023-10-20 CVE-2023-32786 Injection vulnerability in Langchain
In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.
network
low complexity
langchain CWE-74
7.5
2023-10-19 CVE-2023-46229 Server-Side Request Forgery (SSRF) vulnerability in Langchain
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.
network
low complexity
langchain CWE-918
8.8
2023-10-09 CVE-2023-44467 Unspecified vulnerability in Langchain Experimental 0.0.14
langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.
network
low complexity
langchain
critical
9.8
2023-09-01 CVE-2023-39631 Code Injection vulnerability in Langchain 0.0.245
An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.
network
low complexity
langchain CWE-94
critical
9.8