2 matches found
CVE-2026-34070 LangChain Core has Path Traversal vulnerabilites in legacy `load_prompt` functions
LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchaincore.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an...
MAL-2025-139400 Malicious code in antares-config-prompts-kinetic (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 416d76dab1ee5c855fec1bd08f77080762c427bf97170b08dc63dfcd76b77258 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...