80 matches found
ROOT-APP-PYPI-CVE-2026-45134 CVE-2026-45134 in rootio-langsmith - Patched by Root
Root has patched CVE-2026-45134 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-41182 CVE-2026-41182 in rootio-langsmith - Patched by Root
Root has patched CVE-2026-41182 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-GHSA-RR7J-V2Q5-CHGV GHSA-rr7j-v2q5-chgv in rootio-langsmith - Patched by Root
Root has patched GHSA-rr7j-v2q5-chgv in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-25528 CVE-2026-25528 in rootio-langsmith - Patched by Root
Root has patched CVE-2026-25528 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...
CVE-2026-45134
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...
SUSE CVE-2026-45134
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...
CVE-2026-45134
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...
CVE-2026-45134 LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...
EUVD-2026-32640
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...
CVE-2026-45134
LangSmith CVE-2026-45134 affects LangSmith Client SDKs with prompt-pull methods that fetch/deserialize prompt manifests from LangSmith Hub. The issue allows manifest content to be influenced by external parties when pulling a public prompt (owner/name), because prior SDKs did not distinguish such...
CVE-2026-45134 LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...
CVE-2026-45134
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...
LangSmith Client SDKs 代码问题漏洞
LangSmith Client SDKs are a developer toolkit open-sourced by LangChain. Versions of LangSmith Client SDKs prior to 0.8.0 and JS/TS versions prior to 0.6.0 have code vulnerabilities. This vulnerability stems from the lack of differentiation between public prompts and internal organization-specifi...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangSmith [CVE-2026-25528]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangSmith, due to a flaw allowing the injection of arbitrary apiurl values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints CVE-2026-25528...
ROOT-APP-NPM-CVE-2026-45134 CVE-2026-45134 in @rootio/langsmith - Patched by Root
Root has patched CVE-2026-45134 in the @rootio/langsmith package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-40190 CVE-2026-40190 in @rootio/langsmith - Patched by Root
Root has patched CVE-2026-40190 in the @rootio/langsmith package for Root:npm. Multiple fixed versions available...
CVE-2026-44504
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...
LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning
Description The LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from the LangSmith Hub. These manifests may contain serialized LangChain objects and model configuration that affect runtime...
0xgasless-mcp (>=1.0.3 <=1.0.5), 4d-vector-search (>=1.0.0 <=1.0.1) +3116 more potentially affected by CVE-2026-45134 via langsmith (>=0.0.32 <=0.5.4)
langsmith NPM version =0.0.32, =1.0.3, =1.0.0, =1.11.0, =0.0.5, =0.0.1, =1.0.0, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.6, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2026-45134 Source advisory: OSV:GHSA-3644-Q5CJ-C5C7...
a-data-processing (=0.0.1), a-mailx (=0.1.0) +1492 more potentially affected by CVE-2026-45134 via langsmith (>=0.0.10 <=0.7.38)
langsmith PYPI version =0.0.10, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =0.1.0, =0.1.1, =2.1.7, =2.1.8 - agent-builder =0.0.1 and more Source cves: CVE-2026-45134 Source advisory: OSV:GHSA-3644-Q5CJ-C5C7...