6 matches found
CVE-2025-2828
creationtimestamp| type| source ---|---|--- 2025-06-24 01:04:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lscvoh4hru2a 2025-06-24 13:50:39+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19331...
CVE-2025-2828
A Server-Side Request Forgery SSRF flaw was found in the langchain-community package due to a lack of restriction enforcement on specific internet addresses. This flaw allows an attacker to access local services, conduct port scans, retrieve instance metadata, or interact with local network...
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +145 more potentially affected by CVE-2025-2828 via langchain-community (>=0.0.1 <=0.0.27)
langchain-community PYPI version =0.0.1, =0.0.1, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.2.0, =0.1.0, =0.1.5, =0.0.13, =0.0.14 - bisheng-langchain =0.2.3.1 and more Source cves: CVE-2025-2828 Source advisory: OSV:GHSA-H5GC-RM8J-5GPR...
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +145 more potentially affected by CVE-2025-2828 via langchain-community (>=0.0.1 <=0.0.27)
langchain-community PYPI version =0.0.1, =0.0.1, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.2.0, =0.1.0, =0.1.5, =0.0.13, =0.0.14 - bisheng-langchain =0.2.3.1 and more Source cves: CVE-2025-2828 Source advisory: OSV:PYSEC-2025-70...
CVE-2025-2828 SSRF Vulnerability in RequestsToolkit in langchain-ai/langchain
A Server-Side Request Forgery SSRF vulnerability exists in the RequestsToolkit component of the langchain-community package specifically, langchaincommunity.agenttoolkits.openapi.toolkit.RequestsToolkit in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does n...
CVE-2025-2828
CVE-2025-2828 describes an SSRF flaw in the RequestsToolkit of langchain-ai/langchain (langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) affecting version 0.0.27. The vulnerability arises from insufficiently restricted requests to remote internet addresses, enabling an attacker ...