Vulnerabilities > Langchain
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-7042 | SQL Injection vulnerability in Langchain A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. | 9.8 |
| 2024-10-29 | CVE-2024-7774 | Path Traversal vulnerability in Langchain 0.2.5 A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. | 9.1 |
| 2024-10-29 | CVE-2024-8309 | Injection vulnerability in Langchain 0.2.5 A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. | 9.8 |
| 2024-07-15 | CVE-2024-21513 | Unspecified vulnerability in Langchain Langchain-Experimental Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. | 8.5 |
| 2024-06-06 | CVE-2024-2965 | Uncontrolled Recursion vulnerability in Langchain A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. | 4.7 |
| 2024-06-06 | CVE-2024-3095 | Server-Side Request Forgery (SSRF) vulnerability in Langchain A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. | 7.7 |
| 2023-10-20 | CVE-2023-32786 | Injection vulnerability in Langchain In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks. | 7.5 |
| 2023-10-19 | CVE-2023-46229 | Server-Side Request Forgery (SSRF) vulnerability in Langchain LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. | 8.8 |
| 2023-10-09 | CVE-2023-44467 | Unspecified vulnerability in Langchain Experimental 0.0.14 langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py. | 9.8 |
| 2023-09-01 | CVE-2023-39631 | Code Injection vulnerability in Langchain 0.0.245 An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. | 9.8 |