Lucene search
K

95 matches found

RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-59152

A flaw was found in the LangSmith Client SDK's TracingMiddleware. An attacker can send an HTTP request to a server running the TracingMiddleware, causing it to read an arbitrary file from its local filesystem. The contents of this file are then uploaded to LangSmith as a trace attachment. This...

5CVSS6.1AI score0.00174EPSS
Exploits0References4
OSV
OSV
added last week6 views

ROOT-APP-PYPI-GHSA-F4XH-W4CJ-QXQ8 GHSA-f4xh-w4cj-qxq8 in rootio-langsmith - Patched by Root

Root has patched GHSA-f4xh-w4cj-qxq8 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...

5.8AI score
Exploits0
OSV
OSV
added last week19 views

ROOT-APP-PYPI-CVE-2026-45134 CVE-2026-45134 in rootio-langsmith - Patched by Root

Root has patched CVE-2026-45134 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...

7.1CVSS5.8AI score0.00199EPSS
Exploits0
OSV
OSV
added last week5 views

ROOT-APP-PYPI-GHSA-RR7J-V2Q5-CHGV GHSA-rr7j-v2q5-chgv in rootio-langsmith - Patched by Root

Root has patched GHSA-rr7j-v2q5-chgv in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.3AI score
Exploits0
OSV
OSV
added last week21 views

ROOT-APP-PYPI-CVE-2026-41182 CVE-2026-41182 in rootio-langsmith - Patched by Root

Root has patched CVE-2026-41182 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.8AI score0.00214EPSS
Exploits0
OSV
OSV
added last week16 views

ROOT-APP-PYPI-CVE-2026-25528 CVE-2026-25528 in rootio-langsmith - Patched by Root

Root has patched CVE-2026-25528 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...

5.8CVSS5.3AI score0.00282EPSS
Exploits0
NVD
NVD
added 2026/07/06 4:16 p.m.7 views

CVE-2026-59152

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to...

5CVSS0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 2:26 p.m.34 views

CVE-2026-59152 Arbitrary server-side file read in LangSmith SDK TracingMiddleware

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to...

5CVSS0.00174EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:26 p.m.4 views

CVE-2026-59152

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to...

5CVSS6AI score0.00174EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/06 2:26 p.m.3 views

CVE-2026-59152 Arbitrary server-side file read in LangSmith SDK TracingMiddleware

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to...

5CVSS6AI score0.00174EPSS
Exploits0References3
Wolfi
Wolfi
added 2026/06/23 8:20 p.m.7 views

GHSA-F4XH-W4CJ-QXQ8 vulnerabilities

Vulnerabilities for packages: py3-langsmith, open-webui...

6.1AI score
Exploits0
Snyk
Snyk
added 2026/06/19 10:10 p.m.10 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the file attachments handling. An attacker can access local files on the...

7.1CVSS6AI score0.00174EPSS
Exploits0References4
OSV
OSV
added 2026/06/19 10:10 p.m.23 views

GHSA-F4XH-W4CJ-QXQ8 LangSmith SDK TracingMiddleware: Arbitrary server-side file read

Summary An attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deploye...

7.7CVSS6AI score0.00174EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.8 views

PT-2026-55945

Name of the Vulnerable Software and Affected Versions LangSmith Client SDKs versions prior to 0.8.18 Description An issue exists in the TracingMiddleware where an attacker can send an HTTP request to a server to force the reading of an arbitrary file from the local filesystem. The contents of the...

7.7CVSS6.2AI score0.00174EPSS
Exploits0References11
OSV
OSV
added 2026/06/08 6:38 a.m.8 views

ROOT-APP-NPM-CVE-2026-41182 CVE-2026-41182 in @rootio/langsmith - Patched by Root

Root has patched CVE-2026-41182 in the @rootio/langsmith package for Root:npm. Multiple fixed versions available...

5.3CVSS5.4AI score0.00214EPSS
Exploits0
OSV
OSV
added 2026/06/08 6:38 a.m.10 views

ROOT-APP-NPM-CVE-2026-45134 CVE-2026-45134 in @rootio/langsmith - Patched by Root

Root has patched CVE-2026-45134 in the @rootio/langsmith package for Root:npm. Multiple fixed versions available...

7.1CVSS5.8AI score0.00199EPSS
Exploits0
OSV
OSV
added 2026/06/08 6:38 a.m.6 views

ROOT-APP-NPM-CVE-2026-40190 CVE-2026-40190 in @rootio/langsmith - Patched by Root

Root has patched CVE-2026-40190 in the @rootio/langsmith package for Root:npm. Multiple fixed versions available...

5.6CVSS5.7AI score0.00313EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41182

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When ...

5.3CVSS5.4AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 10:1 p.m.16 views

CVE-2026-45134

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/29 1:20 a.m.12 views

SUSE CVE-2026-45134

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References3
Rows per page
Query Builder