41 matches found

RedhatCVE | added 5 days ago | 4 views

CVE-2026-12866

A flaw was found in expr-eval. A remote attacker can exploit this vulnerability by supplying crafted expressions to the toJSFunction API. These expressions are then compiled into native code using new Function, allowing the attacker to execute arbitrary JavaScript code. This can lead to arbitrary...

CVSS 9.8 | AI score 6.6 | EPSS 0.00454 | Exploits 0 | References 6
OSV | added 2026/06/04 1:44 p.m. | 2 views

ROOT-APP-NPM-CVE-2026-26019 CVE-2026-26019 in @rootio/langchain__community - Patched by Root

Root has patched CVE-2026-26019 in the @rootio/langchaincommunity package for Root:npm. Multiple fixed versions available...

CVSS 4.1 | AI score 7.5 | EPSS 0.00371 | Exploits 0
vulnersOsv | added 2026/02/25 10:59 p.m. | 6 views

@cognigy/cognigy-cli (>=1.9.7 <=2.2.7), @maderelevant/n8n-nodes-helicone-v2 (=0.0.1) +25 more potentially affected by CVE-2026-27795 via @langchain/community (>=1.0.0 <=1.1.16)

@langchain/community NPM version =1.0.0, =1.9.7, =0.0.1, =0.1.0, =0.2.0, =0.20.0, =0.21.0, =0.0.16, =1.4.13, =1.0.1, =1.0.0, =3.1.0, =0.3.0, =0.3.1 and more. Source CVEs: CVE-2026-27795. Source advisory: SNYK:JS-LANGCHAINCOMMUNITY-15354988...

CVSS 7.4 | AI score 5.4 | EPSS 0.00206 | Exploits 0
Snyk | added 2026/02/25 10:59 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: @langchain/community provides third-party integrations for LangChain.js. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the RecursiveUrlLoader class. An attacker can access internal network resources or sensitive cloud metadata by supplying a public U...

CVSS 5.1 | AI score 5.9 | EPSS 0.00206 | Exploits 0 | References 2
Github Security Blog | added 2026/02/25 10:59 p.m. | 7 views

LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader

Summary: A redirect-based Server-Side Request Forgery (SSRF) bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metada...

CVSS 7.4 | AI score 5.6 | EPSS 0.00371 | Exploits 0 | References 9 | Affected software 1
OSV | added 2026/02/25 10:59 p.m. | 3 views

GHSA-MPHV-75CG-56WG LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader

Summary: A redirect-based Server-Side Request Forgery (SSRF) bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects automatically, which permits a transition from a safe public URL to an internal or metada...

CVSS 4.1 | AI score 5.7 | EPSS 0.00206 | Exploits 0 | References 9
Cvelist | added 2026/02/25 5:30 p.m. | 25 views

CVE-2026-27795 LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader

LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects...

CVSS 4.1 | EPSS 0.00206 | Exploits 0 | References 7
OSV | added 2026/02/25 5:30 p.m. | 8 views

CVE-2026-27795 LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader

LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in RecursiveUrlLoader in @langchain/community. The loader validates the initial URL but allows the underlying fetch to follow redirects...

CVSS 4.1 | AI score 5.6 | EPSS 0.00206 | Exploits 0 | References 9
CVE | added 2026/02/25 5:30 p.m. | 19 views

CVE-2026-27795

CVE-2026-27795 concerns the LangChain JS community loader (RecursiveUrlLoader in @langchain/community). Prior to version 1.1.8, it could bypass SSRF protections by allowing automatic redirects after validating the initial URL, enabling a transition from a safe public URL to an internal/metadata e...

CVSS 7.4 | AI score 8 | EPSS 0.00206 | Exploits 0 | References 7 | Affected software 1
Snyk | added 2026/02/11 10:23 p.m. | 4 views

Server-side Request Forgery (SSRF)

Overview: @langchain/community provides third-party integrations for LangChain.js. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the RecursiveUrlLoader class. An attacker can access internal or sensitive resources by influencing crawled page content to include...

CVSS 5.1 | AI score 5.7 | EPSS 0.00371 | Exploits 0 | References 2
vulnersOsv | added 2026/02/11 10:23 p.m. | 7 views

@cognigy/cognigy-cli (>=1.9.7 <=2.1.0), @meta-1/nest-ai (>=0.0.1 <=0.0.5) +10 more potentially affected by CVE-2026-26019 via @langchain/community (>=1.0.0 <=1.1.12)

@langchain/community NPM version =1.0.0, =1.9.7, =0.0.1, =0.2.0, =0.0.16, =1.4.13, =1.0.0, =3.1.0, =0.3.0, =0.0.210, =0.1.1, =0.1.2. Source CVEs: CVE-2026-26019. Source advisory: SNYK:JS-LANGCHAINCOMMUNITY-15268428...

CVSS 4.1 | AI score 7.4 | EPSS 0.00371 | Exploits 0
Cvelist | added 2026/02/11 9:11 p.m. | 33 views

CVE-2026-26019 @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation

LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting URL. Its preventOutside option, enabled by default, is intended to restrict crawling to the same site...

CVSS 4.1 | EPSS 0.00371 | Exploits 0 | References 4
Veracode | added 2025/10/13 10:21 a.m. | 6 views

XML External Entity (XXE)

langchaincommunity is vulnerable to XML External Entity (XXE). The vulnerability is due to insecure XML parsing in the EverNoteLoader component that uses etree.iterparse without disabling external entity references, which allows an attacker to craft a malicious XML payload to access sensitive local...

CVSS 7.5 | AI score 6.7 | EPSS 0.01531 | Exploits 0 | References 5 | Affected software 1
EUVD | added 2025/10/03 8:07 p.m. | 7 views

EUVD-2025-18953

Malicious code in bioql PyPI...

CVSS 10 | AI score 8.2 | EPSS 0.14059 | Exploits 1 | References 5
vulnersOsv | added 2025/09/04 12:30 p.m. | 7 views

a-data-processing (=0.0.1), a2a-client-handler (=0.1.0) +627 more potentially affected by CVE-2025-6984 via langchain-community (>=0.0.1 <=0.3.26)

langchain-community PYPI version =0.0.1, =0.1.0, =4.8.2, =0.1.0, =0.1.0, =0.0.2, =0.1.31, =0.0.1, =0.1.0, =0.0.1, =0.0.3.155020 - agentlite-llm =0.1.12 and more. Source CVEs: CVE-2025-6984. Source advisory: OSV:GHSA-PC6W-59FV-RH23...

CVSS 7.5 | AI score 7.2 | EPSS 0.01531 | Exploits 0
Github Security Blog | added 2025/09/04 12:30 p.m. | 9 views

Langchain Community Vulnerable to XML External Entity (XXE) Attacks

The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The vulnerability arises from the use of etree.iterparse without disabling external entity references, which can lead to sensitive informati...

CVSS 7.5 | AI score 6.5 | EPSS 0.01531 | Exploits 0 | References 5 | Affected software 1
Snyk | added 2025/09/04 8:07 a.m. | 2 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via insecure use of etree.iterparse parsing. An attacker can access sensitive information by submitting a crafted XML payload with references to local files. Details: XXE Injection is a type of attack...

CVSS 8.7 | AI score 7.2 | EPSS 0.01531 | Exploits 0 | References 2
RedhatCVE | added 2025/06/23 10:09 p.m. | 6 views

CVE-2025-2828

A Server-Side Request Forgery (SSRF) flaw was found in the langchain-community package due to a lack of restriction enforcement on specific internet addresses. This flaw allows an attacker to access local services, conduct port scans, retrieve instance metadata, or interact with local network...

CVSS 10 | AI score 8.1 | EPSS 0.14059 | Exploits 1 | References 5
vulnersOsv | added 2025/06/23 9:41 p.m. | 6 views

a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +145 more potentially affected by CVE-2025-2828 via langchain-community (>=0.0.1 <=0.0.27)

langchain-community PYPI version =0.0.1, =0.0.1, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.2.0, =0.1.0, =0.1.5, =0.0.13, =0.0.14 - bisheng-langchain =0.2.3.1 and more. Source CVEs: CVE-2025-2828. Source advisory: SNYK:PYTHON-LANGCHAINCOMMUNITY-10496412...

CVSS 10 | AI score 7.2 | EPSS 0.14059 | Exploits 1
vulnersOsv | added 2025/06/23 9:31 p.m. | 3 views

a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +145 more potentially affected by CVE-2025-2828 via langchain-community (>=0.0.1 <=0.0.27)

langchain-community PYPI version =0.0.1, =0.0.1, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.2.0, =0.1.0, =0.1.5, =0.0.13, =0.0.14 - bisheng-langchain =0.2.3.1 and more. Source CVEs: CVE-2025-2828. Source advisory: OSV:GHSA-H5GC-RM8J-5GPR...

CVSS 10 | AI score 7.2 | EPSS 0.14059 | Exploits 1