High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-07-15	CVE-2024-21513	Unspecified vulnerability in Langchain Langchain-Experimental Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. network high complexity langchain	8.5
2024-06-06	CVE-2024-3095	Unspecified vulnerability in Langchain A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. network low complexity langchain	7.7
2024-03-04	CVE-2024-28088	Path Traversal vulnerability in Langchain LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. network low complexity langchain CWE-22	8.1
2023-10-20	CVE-2023-32786	Injection vulnerability in Langchain In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks. network low complexity langchain CWE-74	7.5
2023-10-19	CVE-2023-46229	Server-Side Request Forgery (SSRF) vulnerability in Langchain LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. network low complexity langchain CWE-918	8.8
2023-07-06	CVE-2023-36189	SQL Injection vulnerability in Langchain 0.0.64 SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. network low complexity langchain CWE-89	7.5