Lucene search
+L

7 matches found

Github Security Blog
Github Security Blog
added 2026/06/17 6:39 p.m.16 views

LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector

Summary The MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys and, in MariaDB, string values directly into the query without adequate escaping. A crafted metadata key in EmbeddingSearchRequest.filter can break out of its SQL context and inject...

7.6CVSS5.8AI score0.00348EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2025/11/07 8:15 p.m.8 views

EUVD-2025-37934

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...

7.4CVSS6.7AI score0.00871EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/11/07 8:15 p.m.21 views

CVE-2025-64439 LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...

7.4CVSS0.00871EPSS
Exploits0References4
CVE
CVE
added 2025/11/07 8:15 p.m.71 views

CVE-2025-64439

CVE-2025-64439 : LangGraph SQLite Checkpoint uses JsonPlusSerializer (default for all checkpointing) with a potential RCE when deserializing payloads saved in the json mode. Prior to 3.0.0, if Unicode surrogate values caused serialization to fail, it could fall back to json, enabling deserializat...

7.4CVSS6.8AI score0.00871EPSS
Exploits0References4
OSV
OSV
added 2025/11/05 7:52 p.m.13 views

GHSA-WWQV-P2PP-99H5 LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

Summary Prior to langgraph-checkpoint version 3.0 , LangGraph’s JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a remote code execution RCE vulnerability when deserializing payloads saved in the "json" serialization mode. If an attacker can cause your...

7.4CVSS8.4AI score0.00871EPSS
Exploits0References6
Snyk
Snyk
added 2025/11/05 7:52 p.m.3 views

Deserialization of Untrusted Data

Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JsonPlusSerializer deserialization process of payloads saved in the json serialization mode. An attacker can execute arbitrar...

8.5CVSS7.7AI score0.00871EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/11/05 7:52 p.m.23 views

LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer

Summary Prior to langgraph-checkpoint version 3.0 , LangGraph’s JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a remote code execution RCE vulnerability when deserializing payloads saved in the "json" serialization mode. If an attacker can cause your...

7.4CVSS8.4AI score0.00871EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder