SQL Injection

langgraph-checkpoint-sqlite is vulnerable to SQL Injection. The vulnerability is due to use of direct string concatenation without proper parameterization in database queries, which allows an attacker to inject arbitrary SQL and bypass access controls...

SQL Injection

Overview langgraph-checkpoint-sqlite is a Library with a SQLite implementation of LangGraph checkpoint saver. Affected versions of this package are vulnerable to SQL Injection via the metadatapredicate function. An attacker can execute arbitrary SQL commands by supplying crafted metadata filter...

langgraph-agent-toolkit (>=0.8.0 <=0.8.15) potentially affected by CVE-2025-67644 via langgraph-checkpoint-sqlite (=3.0.0)

langgraph-checkpoint-sqlite PYPI version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on langgraph-checkpoint-sqlite and may be impacted: - langgraph-agent-toolkit =0.8.0, =0.8.15 Source cves: CVE-2025-67644 Source advisory:...

langgraph-agent-toolkit (>=0.8.0 <=0.8.15) potentially affected by unknown CVE via langgraph-checkpoint-sqlite (=3.0.0)

langgraph-checkpoint-sqlite PYPI version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on langgraph-checkpoint-sqlite and may be impacted: - langgraph-agent-toolkit =0.8.0, =0.8.15 Source cves: unknown CVE Source advisory:...

a-mailx (=0.1.0), ai-security-analyzer (>=0.0.45 <=0.0.55) +16 more potentially affected by CVE-2025-67644 via langgraph-checkpoint-sqlite (>=1.0.4 <=3.0.0)

langgraph-checkpoint-sqlite PYPI version =1.0.4, =0.0.45, =0.1.0a2, =0.4.3, =0.1.0a1, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =0.1.14 - my-agent =0.1.0 - novachain =0.1.0 - paper-sage =1.0.5 and more Source cves: CVE-2025-67644 Source advisory: OSV:GHSA-9RWJ-6RC7-P77C...

Deserialization of Untrusted Data

Overview langgraph-checkpoint-sqlite is a Library with a SQLite implementation of LangGraph checkpoint saver. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JsonPlusSerializer deserialization process of payloads saved in the json serialization mode. ...

freiburg-ris-ca (=0.1.0), katalyst (=0.9.1) +2 more potentially affected by CVE-2025-64104 via langgraph-checkpoint-sqlite (>=1.0.4 <=2.0.10)

langgraph-checkpoint-sqlite PYPI version =1.0.4, =0.1.0a1, =0.1.0a24 Source cves: CVE-2025-64104 Source advisory: OSV:GHSA-7P73-8JQX-23R8...

LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore

Summary LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. Details /langgraph/libs/checkpoint-sqlite/langgraph/store/sqlite/base.py...

langchainlanggraph-checkpoint-sqlite SQL注入漏洞

langchainlanggraph-checkpoint-sqlite is an open source database connectivity Python library from LangChain. An SQL injection vulnerability exists in langchainlanggraph-checkpoint-sqlite versions prior to 2.0.11, which stems from the use of a direct string concatenation that is not properly...

freiburg-ris-ca (=0.1.0), katalyst (=0.9.1) +2 more potentially affected by CVE-2025-8709 via langgraph-checkpoint-sqlite (>=1.0.4 <=2.0.10)

langgraph-checkpoint-sqlite PYPI version =1.0.4, =0.1.0a1, =0.1.0a24 Source cves: CVE-2025-8709 Source advisory: OSV:GHSA-4H97-WPXP-3757...

langchainlanggraph-checkpoint-sqlite SQL注入漏洞

langchainlanggraph-checkpoint-sqlite is an open source database connectivity Python library from LangChain. An SQL injection vulnerability exists in langchainlanggraph-checkpoint-sqlite version 2.0.10, which stems from improper handling of the filter operator and could lead to an SQL injection...