104 matches found

Positive Technologies
added 2025/12/10 12:0 a.m., 11 views

PT-2025-50558

Name of the Vulnerable Software and Affected Versions: LangGraph versions 3.0.0 and below. Description: The LangGraph SQLite Checkpoint component, used for saving data with SQLite databases, has a flaw. Versions 3.0.0 and below are susceptible to SQL injection. This occurs because the metadata...

CVSS: 7.8, AI score: 6.1, EPSS: 0.00237
Exploits: 2, References: 17
RedhatCVE
added 2025/11/10 6:12 a.m., 4 views

CVE-2025-64439

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution (RCE)...

CVSS: 7.4, AI score: 7.2, EPSS: 0.00835
Exploits: 0, References: 1
NVD
added 2025/11/07 9:15 p.m., 7 views

CVE-2025-64439

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution (RCE)...

CVSS: 7.4, EPSS: 0.00835
Exploits: 0, References: 4
CVE
added 2025/11/07 8:15 p.m., 64 views

CVE-2025-64439

CVE-2025-64439: LangGraph SQLite Checkpoint uses JsonPlusSerializer (default for all checkpointing) with a potential RCE when deserializing payloads saved in the json mode. Prior to 3.0.0, if Unicode surrogate values caused serialization to fail, it could fall back to json, enabling deserializat...

CVSS: 7.4, AI score: 6.8, EPSS: 0.00835
Exploits: 0, References: 4
EUVD
added 2025/11/07 8:15 p.m., 6 views

EUVD-2025-37934

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution (RCE)...

CVSS: 7.4, AI score: 6.7, EPSS: 0.00835
Exploits: 0, References: 6
Cvelist
added 2025/11/07 8:15 p.m., 17 views

CVE-2025-64439 LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution (RCE)...

CVSS: 7.4, EPSS: 0.00835
Exploits: 0, References: 4
Vulnrichment
added 2025/11/07 8:15 p.m., 2 views

CVE-2025-64439 LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution (RCE)...

CVSS: 7.4, AI score: 6.8, EPSS: 0.00835
Exploits: 0, References: 4
OSV
added 2025/11/07 8:15 p.m., 8 views

CVE-2025-64439 LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution (RCE)...

CVSS: 7.4, AI score: 7.3, EPSS: 0.00835
Exploits: 0, References: 6
CNNVD
added 2025/11/07 12:0 a.m., 3 views

langgraph code issue vulnerability

langgraph is a large modeling framework open-sourced by LangChain. A code issue vulnerability exists in langgraph version 2.1.2 and below, which stems from a remote code execution vulnerability in JsonPlusSerializer when deserializing payloads saved in json mode...

CVSS: 7.4, AI score: 8, EPSS: 0.00835
Exploits: 0, References: 5
vulnersOsv
added 2025/11/05 7:52 p.m., 5 views

deepagents (=0.0.12rc3), gradient-adk (>=0.0.3 <=0.1.9) +2 more potentially affected by CVE-2025-64439 via langgraph (>=1.0.0 <=1.0.0a4)

langgraph PYPI version =1.0.0, =0.0.3, =0.1.9 - langchain =1.0.0a10 - novachain =0.1.0 Source cves: CVE-2025-64439 Source advisory: SNYK:PYTHON-LANGGRAPH-13843663...

CVSS: 7.4, AI score: 7.3, EPSS: 0.00835
Exploits: 0
Snyk
added 2025/11/05 7:52 p.m., 3 views

Deserialization of Untrusted Data

Overview: langgraph is a Building stateful, multi-actor applications with LLMs. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JsonPlusSerializer deserialization process of payloads saved in the json serialization mode. An attacker can execute arbitrar...

CVSS: 8.5, AI score: 7.7, EPSS: 0.00835
Exploits: 0, References: 2
Snyk
added 2025/11/05 7:52 p.m., 3 views

Deserialization of Untrusted Data

Overview: langgraph-checkpoint-sqlite is a Library with a SQLite implementation of LangGraph checkpoint saver. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JsonPlusSerializer deserialization process of payloads saved in the json serialization mode. ...

CVSS: 8.5, AI score: 7.9, EPSS: 0.00835
Exploits: 0, References: 2
vulnersOsv
added 2025/11/05 7:52 p.m., 2 views

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +265 more potentially affected by CVE-2025-64439 via langgraph-checkpoint (>=1.0.12 <=2.1.2)

langgraph-checkpoint PYPI version =1.0.12, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.2.0a1, =0.2.5a2, =0.0.3rc0, =0.8.0, =0.1.0, =0.1.37 and more Source cves: CVE-2025-64439 Source advisory: OSV:GHSA-WWQV-P2PP-99H5...

CVSS: 7.4, AI score: 7.4, EPSS: 0.00835
Exploits: 0
OSV
added 2025/11/05 7:52 p.m., 10 views

GHSA-WWQV-P2PP-99H5 LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

Summary: Prior to langgraph-checkpoint version 3.0, LangGraph’s JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a remote code execution (RCE) vulnerability when deserializing payloads saved in the "json" serialization mode. If an attacker can cause your...

CVSS: 7.4, AI score: 8.4, EPSS: 0.00835
Exploits: 0, References: 6
Github Security Blog
added 2025/11/05 7:52 p.m., 14 views

LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

Summary: Prior to langgraph-checkpoint version 3.0, LangGraph’s JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a remote code execution (RCE) vulnerability when deserializing payloads saved in the "json" serialization mode. If an attacker can cause your...

CVSS: 7.4, AI score: 8.4, EPSS: 0.00835
Exploits: 0, References: 6, Affected Software: 1
Positive Technologies
added 2025/11/05 12:0 a.m., 8 views

PT-2025-45384

Name of the Vulnerable Software and Affected Versions: LangGraph versions 2.1.2 and below. Description: LangGraph’s SQLite Checkpoint, which utilizes SQLite databases for checkpoint saving, contains a Remote Code Execution (RCE) issue in the JsonPlusSerializer when deserializing payloads saved in "jso...

CVSS: 7.4, AI score: 8.3, EPSS: 0.00835
Exploits: 0, References: 23
RedhatCVE
added 2025/10/30 7:21 p.m., 13 views

CVE-2025-64104

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization,...

CVSS: 7.3, AI score: 8.1, EPSS: 0.00163
Exploits: 0, References: 1
EUVD
added 2025/10/29 10:21 p.m., 4 views

EUVD-2025-36720

LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore...

CVSS: 7.3, AI score: 7.5, EPSS: 0.00163
Exploits: 0, References: 3
vulnersOsv
added 2025/10/29 10:21 p.m., 2 views

freiburg-ris-ca (=0.1.0), katalyst (=0.9.1) +4 more potentially affected by CVE-2025-64104 via langgraph-checkpoint-sqlite (>=1.0.4 <=2.0.10)

langgraph-checkpoint-sqlite PYPI version =1.0.4, =1.0.1, =0.1.0a1, =0.1.0a24 Source cves: CVE-2025-64104 Source advisory: OSV:GHSA-7P73-8JQX-23R8...

CVSS: 7.3, AI score: 7.2, EPSS: 0.00163
Exploits: 0
OSV
added 2025/10/29 10:21 p.m., 4 views

GHSA-7P73-8JQX-23R8 LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore

Summary: LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. Details: /langgraph/libs/checkpoint-sqlite/langgraph/store/sqlite/base.py...

CVSS: 7.3, AI score: 7.2, EPSS: 0.00163
Exploits: 0, References: 4