115 matches found
langgraph SQL注入漏洞
langgraph is a large modeling framework open source by LangChain. An SQL injection vulnerability exists in langgraph 3.0.0 and earlier versions, which stems from an unvalidated metadata filter key that could lead to an SQL injection attack...
langgraph-agent-toolkit (>=0.8.0 <=0.8.15) potentially affected by CVE-2025-67644 via langgraph-checkpoint-sqlite (=3.0.0)
langgraph-checkpoint-sqlite PYPI version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on langgraph-checkpoint-sqlite and may be impacted: - langgraph-agent-toolkit =0.8.0, =0.8.15 Source cves: CVE-2025-67644 Source advisory:...
SQL Injection
Overview langgraph-checkpoint-sqlite is a Library with a SQLite implementation of LangGraph checkpoint saver. Affected versions of this package are vulnerable to SQL Injection via the metadatapredicate function. An attacker can execute arbitrary SQL commands by supplying crafted metadata filter...
CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...
CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...
EUVD-2025-202333
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...
CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...
CVE-2025-67644
LangGraph SQLite Checkpoint (langgraph-checkpoint-sqlite) is vulnerable to SQL injection in the _metadata_predicate() path, where unvalidated metadata filter keys are interpolated into SQL. Affected versions are 3.0.0 and earlier; fixed in 3.0.1. The issue allows attackers controlling filter keys...
LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method
Context A SQL injection vulnerability exists in LangGraph's SQLite checkpoint implementation that allows attackers to manipulate SQL queries through metadata filter keys. This affects applications that accept untrusted metadata filter keys not just filter values in checkpoint search operations...
langgraph-agent-toolkit (>=0.8.0 <=0.8.15) potentially affected by unknown CVE via langgraph-checkpoint-sqlite (=3.0.0)
langgraph-checkpoint-sqlite PYPI version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on langgraph-checkpoint-sqlite and may be impacted: - langgraph-agent-toolkit =0.8.0, =0.8.15 Source cves: unknown CVE Source advisory:...
a-mailx (=0.1.0), ai-security-analyzer (>=0.0.45 <=0.0.55) +16 more potentially affected by CVE-2025-67644 via langgraph-checkpoint-sqlite (>=1.0.4 <=3.0.0)
langgraph-checkpoint-sqlite PYPI version =1.0.4, =0.0.45, =0.1.0a2, =0.4.3, =0.1.0a1, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =1.3.41 and more Source cves: CVE-2025-67644 Source advisory: OSV:GHSA-9RWJ-6RC7-P77C...
PT-2025-50558
Name of the Vulnerable Software and Affected Versions LangGraph versions 3.0.0 and below Description The LangGraph SQLite Checkpoint component, used for saving data with SQLite databases, has a flaw. Versions 3.0.0 and below are susceptible to SQL injection. This occurs because the metadata...
CVE-2025-64439
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...
CVE-2025-64439
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...
CVE-2025-64439 LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...
CVE-2025-64439 LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...
EUVD-2025-37934
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...
CVE-2025-64439
CVE-2025-64439 : LangGraph SQLite Checkpoint uses JsonPlusSerializer (default for all checkpointing) with a potential RCE when deserializing payloads saved in the json mode. Prior to 3.0.0, if Unicode surrogate values caused serialization to fail, it could fall back to json, enabling deserializat...
CVE-2025-64439 LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...
langgraph 代码问题漏洞
langgraph is a large modeling framework open-sourced by LangChain. A code issue vulnerability exists in langgraph version 2.1.2 and below, which stems from a remote code execution vulnerability in JsonPlusSerializer when deserializing payloads saved in json mode...