Vulnerabilities > Langchain

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2023-36281 Code Injection vulnerability in Langchain 0.0.171
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt.
network
low complexity
langchain CWE-94
critical
 9.8
9.8
2023-08-15 CVE-2023-38860 Code Injection vulnerability in Langchain 0.0.231
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.
network
low complexity
langchain CWE-94
critical
 9.8
9.8
2023-08-15 CVE-2023-38896 Injection vulnerability in Langchain
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.
network
low complexity
langchain CWE-74
critical
 9.8
9.8
2023-08-15 CVE-2023-39659 Injection vulnerability in Langchain
An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.
network
low complexity
langchain CWE-74
critical
 9.8
9.8
2023-08-05 CVE-2023-36095 Code Injection vulnerability in Langchain 0.0.194
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
network
low complexity
langchain CWE-94
critical
 9.8
9.8
2023-07-06 CVE-2023-36188 Injection vulnerability in Langchain 0.0.64
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.
network
low complexity
langchain CWE-74
critical
 9.8
9.8
2023-07-06 CVE-2023-36189 SQL Injection vulnerability in Langchain 0.0.64
SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.
network
low complexity
langchain CWE-89
7.5
7.5
2023-07-03 CVE-2023-36258 Unspecified vulnerability in Langchain 0.0.199
An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.
network
low complexity
langchain
critical
 9.8
9.8
2023-06-20 CVE-2023-34541 Unspecified vulnerability in Langchain 0.0.171
Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.
network
low complexity
langchain
critical
 9.8
9.8
2023-06-14 CVE-2023-34540 Unspecified vulnerability in Langchain 0.0.171
Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper).
network
low complexity
langchain
critical
 9.8
9.8