Vulnerabilities > Langchain > Critical

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2024-10-29 | CVE-2024-7042 | SQL Injection vulnerability in Langchain | A vulnerability in the `GraphCypherQAChain` class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. | critical 9.8; network, low complexity; langchain, CWE-89 |
| 2024-10-29 | CVE-2024-7774 | Path Traversal vulnerability in Langchain 0.2.5 | A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. | critical 9.1; network, low complexity; langchain, CWE-22 |
| 2024-10-29 | CVE-2024-8309 | Injection vulnerability in Langchain 0.2.5 | A vulnerability in the `GraphCypherQAChain` class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. | critical 9.8; network, low complexity; langchain, CWE-74 |
| 2024-03-01 | CVE-2024-2057 | Unspecified vulnerability in Langchain 0.0.26 | A vulnerability was found in LangChain `langchain_community` 0.0.26. | critical 9.8; network, low complexity; langchain |
| 2023-10-09 | CVE-2023-44467 | Unspecified vulnerability in Langchain Experimental 0.0.14 | `langchain_experimental` (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via `__import__` in Python code, which is not prohibited by `pal_chain/base.py`. | critical 9.8; network, low complexity; langchain |
| 2023-09-01 | CVE-2023-39631 | Code Injection vulnerability in Langchain 0.0.245 | An issue in LangChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. | critical 9.8; network, low complexity; langchain, CWE-94 |
| 2023-08-22 | CVE-2023-36281 | Code Injection vulnerability in Langchain 0.0.171 | An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to `load_prompt`. | critical 9.8; network, low complexity; langchain, CWE-94 |
| 2023-08-15 | CVE-2023-38860 | Code Injection vulnerability in Langchain 0.0.231 | An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. | critical 9.8; network, low complexity; langchain, CWE-94 |
| 2023-08-15 | CVE-2023-38896 | Injection vulnerability in Langchain | An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the `from_math_prompt` and `from_colored_object_prompt` functions. | critical 9.8; network, low complexity; langchain, CWE-74 |
| 2023-08-15 | CVE-2023-39659 | Injection vulnerability in Langchain | An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the `PythonAstREPLTool._run` component. | critical 9.8; network, low complexity; langchain, CWE-74 |