0pflow (>=0.1.0-dev.0de2bc6 <=0.1.0-dev.f5622ac), @0xgasless/agent-sdk (>=0.1.1 <=0.1.2) +1343 more potentially affected by CVE-2025-68665 via @langchain/core (>=1.0.1 <=1.1.8-dev-1766775128110)

@langchain/core NPM version =1.0.1, =0.1.0-dev.0de2bc6, =0.1.1, =1.0.0, =0.1.0, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.48.0 - @adminforth/completion-adapter-open-ai-chat-gpt =2.0.21 and more Source cves: CVE-2025-68665 Source advisory: OSV:GHSA-R399-636X-V7F6...

act-workflow (>=4.8.2 <=4.8.399), agent-builder (=0.0.1) +14 more potentially affected by CVE-2024-10940 via langchain-core (>=0.3.0.dev4 <=0.3.14)

langchain-core PYPI version =0.3.0.dev4, =4.8.2, =0.1.6, =0.3.0, =0.1.14rc1, =0.1.8rc1, =0.3.0.dev1, =0.1.0, =4.2.1, =0.1.0, =0.4.16, =0.4.15, =0.5.8 and more Source cves: CVE-2024-10940 Source advisory: SNYK:PYTHON-LANGCHAINCORE-9486546...

CVE-2024-10940

A vulnerability in langchain-core versions =0.1.17,=0.2.0,=0.3.0,0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchaincore.prompts.ImagePromptTemplate's and by extension langchaincore.prompts.ChatPromptTemplate's...

CVE-2024-10940 Exposure of Sensitive System Information via ImagePromptTemplate in langchain-ai/langchain

A vulnerability in langchain-core versions =0.1.17,=0.2.0,=0.3.0,0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchaincore.prompts.ImagePromptTemplate's and by extension langchaincore.prompts.ChatPromptTemplate's...

a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +151 more potentially affected by CVE-2024-28088 via langchain-core (>=0.0.1 <=0.1.3)

langchain-core PYPI version =0.0.1, =0.0.1, =0.8.0, =0.1.0, =0.2.0, =0.1.0, =0.1.5, =0.0.13, =0.3.5, =0.0.1, =0.0.4 and more Source cves: CVE-2024-28088 Source advisory: OSV:GHSA-H59X-P739-982C...

akasha-terminal (>=0.8.0 <=0.8.5), biochatter (>=0.3.5 <=0.4.12) +32 more potentially affected by CVE-2024-28088 via langchain-core (>=0.0.1 <=0.1.1)

langchain-core PYPI version =0.0.1, =0.8.0, =0.3.5, =0.3.16, =0.1.0, =0.0.1, =0.0.1, =0.0.5, =0.4.8, =1.7.0, =2.7.0 and more Source cves: CVE-2024-28088 Source advisory: OSV:PYSEC-2024-45...