Lucene search
K

115 matches found

CNNVD
CNNVD
added 2025/12/11 12:0 a.m.10 views

langgraph SQL注入漏洞

langgraph is a large modeling framework open source by LangChain. An SQL injection vulnerability exists in langgraph 3.0.0 and earlier versions, which stems from an unvalidated metadata filter key that could lead to an SQL injection attack...

7.8CVSS7.5AI score0.02073EPSS
Exploits2References3
vulnersOsv
vulnersOsv
added 2025/12/10 11:58 p.m.4 views

langgraph-agent-toolkit (>=0.8.0 <=0.8.15) potentially affected by CVE-2025-67644 via langgraph-checkpoint-sqlite (=3.0.0)

langgraph-checkpoint-sqlite PYPI version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on langgraph-checkpoint-sqlite and may be impacted: - langgraph-agent-toolkit =0.8.0, =0.8.15 Source cves: CVE-2025-67644 Source advisory:...

7.8CVSS6AI score0.02073EPSS
Exploits2
Snyk
Snyk
added 2025/12/10 11:58 p.m.5 views

SQL Injection

Overview langgraph-checkpoint-sqlite is a Library with a SQLite implementation of LangGraph checkpoint saver. Affected versions of this package are vulnerable to SQL Injection via the metadatapredicate function. An attacker can execute arbitrary SQL commands by supplying crafted metadata filter...

8.5CVSS6.3AI score0.02073EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/12/10 11:37 p.m.34 views

CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

7.3CVSS0.02073EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2025/12/10 11:37 p.m.5 views

CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

7.3CVSS7.4AI score0.02073EPSS
Exploits2References2
EUVD
EUVD
added 2025/12/10 11:37 p.m.10 views

EUVD-2025-202333

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

7.3CVSS7.3AI score0.02073EPSS
Exploits2References3
OSV
OSV
added 2025/12/10 11:37 p.m.10 views

CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

7.3CVSS7.8AI score0.02073EPSS
Exploits2References4
CVE
CVE
added 2025/12/10 11:37 p.m.128 views

CVE-2025-67644

LangGraph SQLite Checkpoint (langgraph-checkpoint-sqlite) is vulnerable to SQL injection in the _metadata_predicate() path, where unvalidated metadata filter keys are interpolated into SQL. Affected versions are 3.0.0 and earlier; fixed in 3.0.1. The issue allows attackers controlling filter keys...

7.8CVSS7.4AI score0.02073EPSS
Exploits2References2Affected Software1
Github Security Blog
Github Security Blog
added 2025/12/10 12:2 a.m.36 views

LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method

Context A SQL injection vulnerability exists in LangGraph's SQLite checkpoint implementation that allows attackers to manipulate SQL queries through metadata filter keys. This affects applications that accept untrusted metadata filter keys not just filter values in checkpoint search operations...

7.8CVSS8.5AI score0.02073EPSS
Exploits2References4Affected Software1
vulnersOsv
vulnersOsv
added 2025/12/10 12:2 a.m.11 views

langgraph-agent-toolkit (>=0.8.0 <=0.8.15) potentially affected by unknown CVE via langgraph-checkpoint-sqlite (=3.0.0)

langgraph-checkpoint-sqlite PYPI version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on langgraph-checkpoint-sqlite and may be impacted: - langgraph-agent-toolkit =0.8.0, =0.8.15 Source cves: unknown CVE Source advisory:...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/12/10 12:2 a.m.27 views

a-mailx (=0.1.0), ai-security-analyzer (>=0.0.45 <=0.0.55) +16 more potentially affected by CVE-2025-67644 via langgraph-checkpoint-sqlite (>=1.0.4 <=3.0.0)

langgraph-checkpoint-sqlite PYPI version =1.0.4, =0.0.45, =0.1.0a2, =0.4.3, =0.1.0a1, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =1.3.41 and more Source cves: CVE-2025-67644 Source advisory: OSV:GHSA-9RWJ-6RC7-P77C...

7.8CVSS5.8AI score0.02073EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.14 views

PT-2025-50558

Name of the Vulnerable Software and Affected Versions LangGraph versions 3.0.0 and below Description The LangGraph SQLite Checkpoint component, used for saving data with SQLite databases, has a flaw. Versions 3.0.0 and below are susceptible to SQL injection. This occurs because the metadata...

7.8CVSS6.1AI score0.02073EPSS
Exploits2References23
RedhatCVE
RedhatCVE
added 2025/11/10 6:12 a.m.6 views

CVE-2025-64439

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...

7.4CVSS7.2AI score0.00871EPSS
Exploits0References1
NVD
NVD
added 2025/11/07 9:15 p.m.8 views

CVE-2025-64439

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...

7.4CVSS0.00871EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/07 8:15 p.m.19 views

CVE-2025-64439 LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...

7.4CVSS0.00871EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/07 8:15 p.m.2 views

CVE-2025-64439 LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...

7.4CVSS6.8AI score0.00871EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/07 8:15 p.m.7 views

EUVD-2025-37934

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...

7.4CVSS6.7AI score0.00871EPSS
Exploits0References6
CVE
CVE
added 2025/11/07 8:15 p.m.70 views

CVE-2025-64439

CVE-2025-64439 : LangGraph SQLite Checkpoint uses JsonPlusSerializer (default for all checkpointing) with a potential RCE when deserializing payloads saved in the json mode. Prior to 3.0.0, if Unicode surrogate values caused serialization to fail, it could fall back to json, enabling deserializat...

7.4CVSS6.8AI score0.00871EPSS
Exploits0References4
OSV
OSV
added 2025/11/07 8:15 p.m.10 views

CVE-2025-64439 LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...

7.4CVSS7.3AI score0.00871EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/11/07 12:0 a.m.4 views

langgraph 代码问题漏洞

langgraph is a large modeling framework open-sourced by LangChain. A code issue vulnerability exists in langgraph version 2.1.2 and below, which stems from a remote code execution vulnerability in JsonPlusSerializer when deserializing payloads saved in json mode...

7.4CVSS8AI score0.00871EPSS
Exploits0References5
Rows per page
Query Builder