864 matches found
CVE-2026-7846
A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to...
CVE-2026-44843
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load with...
CVE-2026-30617
LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When...
ROOT-APP-NPM-CVE-2026-26019 CVE-2026-26019 in @rootio/langchain__community - Patched by Root
Root has patched CVE-2026-26019 in the @rootio/langchaincommunity package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-27795 CVE-2026-27795 in @rootio/langchain__community - Patched by Root
Root has patched CVE-2026-27795 in the @rootio/langchaincommunity package for Root:npm. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-41481 CVE-2026-41481 in rootio-langchain-text-splitters - Patched by Root
Root has patched CVE-2026-41481 in the rootio-langchain-text-splitters package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-68664 CVE-2025-68664 in rootio-langchain-core - Patched by Root
Root has patched CVE-2025-68664 in the rootio-langchain-core package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-44843 CVE-2026-44843 in rootio-langchain-core - Patched by Root
Root has patched CVE-2026-44843 in the rootio-langchain-core package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-34070 CVE-2026-34070 in rootio-langchain-core - Patched by Root
Root has patched CVE-2026-34070 in the rootio-langchain-core package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-40087 CVE-2026-40087 in rootio-langchain-core - Patched by Root
Root has patched CVE-2026-40087 in the rootio-langchain-core package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2025-6985 CVE-2025-6985 in rootio-langchain-text-splitters - Patched by Root
Root has patched CVE-2025-6985 in the rootio-langchain-text-splitters package for Root:PyPI. Multiple fixed versions available...
CVE-2026-44843 vulnerabilities
Vulnerabilities for packages: py3-langchain, py3-langchain-core...
GHSA-PJWX-R37V-7724 vulnerabilities
Vulnerabilities for packages: py3-langchain, py3-langchain-core...
GHSA-PJWX-R37V-7724 vulnerabilities
Vulnerabilities for packages: py3-langchain, py3-langchain-core...
CVE-2026-44843 vulnerabilities
Vulnerabilities for packages: py3-langchain, py3-langchain-core...
CVE-2026-45134
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...
CVE-2026-44843
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load with...
CVE-2026-44843 LangChain: Unsafe deserialization of attacker-controlled LangChain objects through overly broad `load()` allowlists
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load with...
CVE-2026-44843
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load with...
EUVD-2026-31976
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load with...