371 matches found
GHSA-G4JQ-H2W9-997C vulnerabilities
Vulnerabilities for packages: vitess, langfuse-fips, langfuse...
GHSA-JQFW-VQ24-V9C3 vulnerabilities
Vulnerabilities for packages: vitess, langfuse-fips, langfuse...
CVE-2025-58751 vulnerabilities
Vulnerabilities for packages: vitess, langfuse-fips, langfuse...
CVE-2025-9799
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...
CVE-2025-9799
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...
CVE-2025-9799 Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...
CVE-2025-9799 Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...
CVE-2025-9799
CVE-2025-9799 affects Langfuse up to version 3.88.0. The vulnerability is in the Webhook Handler’s WebSocket/HTTP code path, specifically the function promptChangeEventSourcing in web/src/features/prompts/server/routers/promptRouter.ts. Manipulation of this function can lead to server-side reques...
CVE-2025-9799 Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...
langfuse 代码问题漏洞
langfuse is a large language model engineering platform open-sourced by Langfuse. A code issue vulnerability exists in langfuse 3.88.0 and earlier versions, which stems from a misuse of the function promptChangeEventSourcing in the file web/src/features/prompts/server/routers/promptRouter.ts...
PT-2025-35514
Name of the Vulnerable Software and Affected Versions: Langfuse versions through 3.88.0 Description: A security flaw exists in Langfuse, potentially leading to server-side request forgery. The vulnerability is located in the promptChangeEventSourcing function within the...
CVE-2025-54880 vulnerabilities
Vulnerabilities for packages: langfuse...
CVE-2025-54881 vulnerabilities
Vulnerabilities for packages: langfuse...
GHSA-7RQQ-PRVP-X9JH vulnerabilities
Vulnerabilities for packages: langfuse...
GHSA-8GWM-58G9-J8PW vulnerabilities
Vulnerabilities for packages: langfuse...
CVE-2025-54881 vulnerabilities
Vulnerabilities for packages: langfuse...
GHSA-8GWM-58G9-J8PW vulnerabilities
Vulnerabilities for packages: langfuse...
GHSA-7RQQ-PRVP-X9JH vulnerabilities
Vulnerabilities for packages: langfuse...
CVE-2025-54880 vulnerabilities
Vulnerabilities for packages: langfuse...
Sensitive Information Disclosure
LiteLLM is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper error handling due to an issue in proxyserver.py that leaks Langfuse API keys when an error occurs while parsing team settings, potentially exposing full access to stored requests...