ROOT-APP-PYPI-CVE-2025-68664 CVE-2025-68664 in rootio-langchain-core - Patched by Root

Root has patched CVE-2025-68664 in the rootio-langchain-core package for Root:PyPI. Multiple fixed versions available...

📄 LangChain Core Insecure Deserialization

LangChain Core versions prior to 1.2.5 and 0.3.81 suffer from a deserialization vulnerability that allows for server-side template injection that can lead to remote code execution. Exploit Title: LangChain Core - SSTI/RCE Date: 2025-12-29 Exploit Author: Mohammed Idrees Banyamer Author Country:...

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js and LangChain

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js and LangChain. CVE-2025-65945, CVE-2025-68664, CVE-2025-12758 The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION:...

Critical: Red Hat Security Advisory: Red Hat OpenShift Lightspeed 1.0.9 security update

Red Hat OpenShift Lightspeed 1.0.9 operand images, which provide security fixes and container updates. Red Hat OpenShift Lightspeed is a generative AI-based virtual assistant integrated into the OpenShift console. It can answer questions related to OpenShift and layered offerings. Security Fixes:...

CVE-2025-68664 vulnerabilities

Vulnerabilities for packages: py3-langchain...

CVE-2025-68664

creationtimestamp| type| source ---|---|--- 2025-12-23 23:44:27+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3maowjvnaam2p 2025-12-24 01:35:00+00:00| seen| https://infosec.exchange/users/offseq/statuses/115771971926680769 2025-12-24 01:35:01+00:00| seen|...

accessiqlue (=2025.12.21154255), agent-builder (>=0.0.2 <=0.1.7) +347 more potentially affected by CVE-2025-68664 via langchain-core (>=0.4.0.dev0 <=1.2.4)

langchain-core PYPI version =0.4.0.dev0, =0.0.2, =0.1.0, =0.1.0, =0.1.1 - ai-benchmark-analyzer =2025.12.21193050 - ai-claim-essence =2025.12.20202921 - ai-design-insights =2025.12.21145447 - ai-mysql-translator =2025.12.21101721 - ai-reliability-analyzer =2025.12.21171415 - ai-risk-extractor...

a-data-processing (=0.0.1), a-mailx (=0.1.0) +1225 more potentially affected by CVE-2025-68664 via langchain-core (>=0.0.1 <=0.3.8)

langchain-core PYPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =3.2.0, =2.1.7, =0.0.2, =0.0.5 and more Source cves: CVE-2025-68664 Source advisory: SNYK:PYTHON-LANGCHAINCORE-14560681...

accessiqlue (=2025.12.21154255), agent-builder (>=0.0.2 <=0.1.7) +336 more potentially affected by CVE-2025-68664 via langchain-core (>=1.0.0 <=1.2.4)

langchain-core PYPI version =1.0.0, =0.0.2, =0.1.0, =0.1.0, =0.1.1 - ai-benchmark-analyzer =2025.12.21193050 - ai-claim-essence =2025.12.20202921 - ai-design-insights =2025.12.21145447 - ai-mysql-translator =2025.12.21101721 - ai-reliability-analyzer =2025.12.21171415 - ai-risk-extractor...

a-data-processing (=0.0.1), a-mailx (=0.1.0) +1225 more potentially affected by CVE-2025-68664 via langchain-core (>=0.0.1 <=0.3.8)

langchain-core PYPI version =0.0.1, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =3.2.0, =2.1.7, =0.0.2, =0.0.5 and more Source cves: CVE-2025-68664 Source advisory: OSV:GHSA-C67J-W6G6-Q2CM...

accordo.it XSS vulnerability

Vulnerable URL: https://www.accordo.it/index.php/site/login?rf=x%22%3E%3CsvG%20onLoad=prompt9%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 68664 VIP website status:| No Coordinated Disclosure Timeline:...