104 matches found

NVD
added 2025/10/29 7:15 p.m., 5 views

CVE-2025-64104

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization,...

CVSS 7.3, EPSS 0.00163
Exploits: 0, References: 2
CVE
added 2025/10/29 6:55 p.m., 12 views

CVE-2025-64104

LangGraph SQLite Checkpoint (SqliteStore) has a SQL injection vulnerability due to direct string concatenation when building JSON path-based filters. Effective prior to version 2.0.11, this flaw could allow attackers with local privileges to inject arbitrary SQL and bypass access controls. The is...

CVSS 7.3, AI score 7.7, EPSS 0.00163
Exploits: 0, References: 2
Vulnrichment
added 2025/10/29 6:55 p.m., 2 views

CVE-2025-64104 LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization,...

CVSS 7.3, AI score 7.7, EPSS 0.00163
Exploits: 0, References: 2
Cvelist
added 2025/10/29 6:55 p.m., 9 views

CVE-2025-64104 LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization,...

CVSS 7.3, EPSS 0.00163
Exploits: 0, References: 2
OSV
added 2025/10/29 6:55 p.m., 4 views

CVE-2025-64104 LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization,...

CVSS 7.3, AI score 8.2, EPSS 0.00163
Exploits: 0, References: 4
Positive Technologies
added 2025/10/29 12:0 a.m., 4 views

PT-2025-44346

Name of the Vulnerable Software and Affected Versions: LangGraph versions prior to 2.0.11. Description: The LangGraph SQLite Checkpoint component, used with SQLite databases, contains SQL injection flaws. This is due to direct string concatenation without proper parameterization, which allows...

CVSS 7.3, AI score 7.9, EPSS 0.00163
Exploits: 0, References: 7
CNNVD
added 2025/10/29 12:0 a.m., 2 views

langchainlanggraph-checkpoint-sqlite SQL injection vulnerability

langchainlanggraph-checkpoint-sqlite is an open source database connectivity Python library from LangChain. An SQL injection vulnerability exists in langchainlanggraph-checkpoint-sqlite versions prior to 2.0.11, which stems from the use of a direct string concatenation that is not properly...

CVSS 7.3, AI score 7.8, EPSS 0.00163
Exploits: 0, References: 3
vulnersOsv
added 2025/10/26 6:48 a.m., 3 views

katalyst (=0.9.1), paper-sage (=1.0.5) +2 more potentially affected by CVE-2025-64104 +1 more via langgraph-checkpoint-sqlite (>=2.0.0 <=2.0.10)

langgraph-checkpoint-sqlite PYPI version =2.0.0, =1.0.1, =0.1.0a1, =0.1.0a24 Source cves: CVE-2025-64104, CVE-2025-8709 Source advisory: SNYK:PYTHON-LANGGRAPHCHECKPOINTSQLITE-13720747...

CVSS 7.3, AI score 7.1, EPSS 0.00163
Exploits: 0
Snyk
added 2025/10/26 6:48 a.m., 3 views

SQL Injection

Overview: langgraph-checkpoint-sqlite is a library with a SQLite implementation of LangGraph checkpoint saver. Affected versions of this package are vulnerable to SQL Injection via improper handling of filter $eq, $ne, $gt, $lt, $gte, $lte operators in the LangGraph SQLite store implementation. An...

CVSS 8.2, AI score 7.9, EPSS 0.00163
Exploits: 0, References: 2
EUVD
added 2025/10/26 6:30 a.m., 6 views

EUVD-2025-35939

A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators $eq, $ne, $gt, $lt, $gte, $lt...

CVSS 7.3, AI score 7.4, EPSS 0.00148
Exploits: 0, References: 2
vulnersOsv
added 2025/10/26 6:30 a.m., 2 views

freiburg-ris-ca (=0.1.0), katalyst (=0.9.1) +4 more potentially affected by CVE-2025-8709 via langgraph-checkpoint-sqlite (>=1.0.4 <=2.0.10)

langgraph-checkpoint-sqlite PYPI version =1.0.4, =1.0.1, =0.1.0a1, =0.1.0a24 Source cves: CVE-2025-8709 Source advisory: OSV:GHSA-4H97-WPXP-3757...

CVSS 7.3, AI score 7.1, EPSS 0.00148
Exploits: 0
Github Security Blog
added 2025/10/26 6:30 a.m., 8 views

LangGraph's SQLite store implementation has a SQL Injection Vulnerability

A SQL injection vulnerability exists in the langchain-ai/langgraph repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators $eq, $ne, $gt, $lt, $gte, $lt...

CVSS 7.3, AI score 7.9, EPSS 0.00148
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2025/10/26 6:30 a.m., 1 view

GHSA-4H97-WPXP-3757 LangGraph's SQLite store implementation has a SQL Injection Vulnerability

A SQL injection vulnerability exists in the langchain-ai/langgraph repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators $eq, $ne, $gt, $lt, $gte, $lt...

CVSS 7.3, AI score 6, EPSS 0.00148
Exploits: 0, References: 6
NVD
added 2025/10/26 6:15 a.m., 6 views

CVE-2025-8709

A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators $eq, $ne, $gt, $lt, $gte, $lt...

CVSS 7.3, EPSS 0.00148
Exploits: 0, References: 1
Cvelist
added 2025/10/26 5:38 a.m., 6 views

CVE-2025-8709 SQL Injection in langchain-ai/langchain

A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators $eq, $ne, $gt, $lt, $gte, $lt...

CVSS 7.3, EPSS 0.00148
Exploits: 0, References: 1
Vulnrichment
added 2025/10/26 5:38 a.m., 2 views

CVE-2025-8709 SQL Injection in langchain-ai/langchain

A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators $eq, $ne, $gt, $lt, $gte, $lt...

CVSS 7.3, AI score 7.5, EPSS 0.00148
Exploits: 0, References: 1
CVE
added 2025/10/26 5:38 a.m., 16 views

CVE-2025-8709

CVE-2025-8709 affects langgraph-checkpoint-sqlite 2.0.10 in LangGraph’s SQLite store. The root cause is improper string concatenation of filter keys in _get_filter_condition(), allowing SQL injection via filter parameters and potentially exposing all documents and sensitive fields (e.g., password...

CVSS 7.3, AI score 7.5, EPSS 0.00148
Exploits: 0, References: 1
Positive Technologies
added 2025/10/26 12:0 a.m., 3 views

PT-2025-43747

Name of the Vulnerable Software and Affected Versions: langgraph-checkpoint-sqlite version 2.0.10. Description: A SQL injection vulnerability exists in the LangGraph's SQLite store implementation within the langchain-ai/langgraph repository. The issue stems from improper handling of filter operators...

CVSS 7.3, AI score 7.8, EPSS 0.00148
Exploits: 0, References: 14
Huntr
added 2025/07/21 5:38 a.m., 4 views

SQLite Operator-Based SQL Injection Vulnerability in LangGraph

This report is not public...

CVSS 7.3, AI score 6.9, EPSS 0.00148
Exploits: 0
vulnersOsv
added 2025/03/20 12:32 p.m., 2 views

agentic-fleet (>=0.1.6 <=0.4.81), composio (=0.1.1) +36 more potentially affected by CVE-2024-8952 via composio-core (>=0.3.13 <=0.7.21)

composio-core PYPI version =0.3.13, =0.1.6, =0.7.1, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.7.1, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.7.15, =0.3.13, =0.7.20 and more Source cves: CVE-2024-8952 Source advisory: SNYK:PYTHON-COMPOSIOCORE-9637813...

CVSS 7.5, AI score 6.6, EPSS 0.00671
Exploits: 1