16 matches found
CVE-2026-55405
LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys, and in MariaDB string values, directly int...
CVE-2026-55405
LangChain4j contains a SQL injection vulnerability in the embedding stores for MariaDB and pgvector. Prior to versions 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, metadata filter keys (and, for MariaDB, some string values) are concatenated directly into SQL in EmbeddingSearchRequ...
CVE-2026-55405 LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector
LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys, and in MariaDB string values, directly int...
CVE-2026-55405 LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector
LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys, and in MariaDB string values, directly int...
CVE-2026-49042 Apache Camel: langchain4j-tools: filter tool argument headers against declared parameters
Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue...
CVE-2026-49042 Apache Camel: langchain4j-tools: filter tool argument headers against declared parameters
Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue...
LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector
Summary The MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys and, in MariaDB, string values directly into the query without adequate escaping. A crafted metadata key in EmbeddingSearchRequest.filter can break out of its SQL context and inject...
EUVD-2025-2569
Malicious code in bioql PyPI...
CVE-2025-21604
LangChain4j-AIDeepin is a Retrieval enhancement generation RAG project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0...
CVE-2025-21604
LangChain4j-AIDeepin is a Retrieval enhancement generation RAG project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0...
CVE-2025-21604 LangChain4j-AIDeepin Using MD5 to Hash files may cause file upload conflicts
LangChain4j-AIDeepin is a Retrieval enhancement generation RAG project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0...
CVE-2025-21604
CVE-2025-21604 affects LangChain4j-AIDeepin before version 3.5.0. The root cause is the use of MD5 to hash files, which may cause file upload conflicts. The issue is fixed in 3.5.0. Remediation: upgrade to 3.5.0 (or later). Exploitation details are not provided in the available documents.
CVE-2025-21604 LangChain4j-AIDeepin Using MD5 to Hash files may cause file upload conflicts
LangChain4j-AIDeepin is a Retrieval enhancement generation RAG project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0...
LangChain4j-AIDeepin 安全漏洞
LangChain4j-AIDeepin is an AI-based work efficiency improvement tool by moyangzhan's personal developer. It can be used to assist enterprises/teams in technical research and development, product design, personnel/financial/IT information consulting, system/commodity consulting, customer service...
PT-2025-4294 · Unknown · Langchain4J-Aideepin
Name of the Vulnerable Software and Affected Versions: LangChain4j-AIDeepin versions prior to 3.5.0 Description: LangChain4j-AIDeepin is a Retrieval enhancement generation RAG project. Prior to version 3.5.0, it used MD5 to hash files, which may cause file upload conflicts. Recommendations: For...
This Week in Spring - November 12th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! Spring Cloud 2024.0.0-RC1 aka Moorgate has been released In this installment of A Bootiful Podcast , I talk to Gradle developer advocate Baruch Sadogursky good news everybody! GraalVM will now support jcmd, which allows you t...