Vulnerabilities > Langchain > Langchain > 0.1.16

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-7042 SQL Injection vulnerability in Langchain
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection.
network
low complexity
langchain CWE-89
critical
 9.8
9.8
2024-06-06 CVE-2024-2965 Unspecified vulnerability in Langchain
A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions.
local
high complexity
langchain
4.7
4.7
2024-06-06 CVE-2024-3095 Unspecified vulnerability in Langchain
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5.
network
low complexity
langchain
7.7
7.7