CVE-2025-67644

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

CVE-2025-8709

CVE-2025-8709 affects langgraph-checkpoint-sqlite 2.0.10 in LangGraph’s SQLite store. The root cause is improper string concatenation of filter keys in _get_filter_condition(), allowing SQL injection via filter parameters and potentially exposing all documents and sensitive fields (e.g., password...

CVE-2025-8709 SQL Injection in langchain-ai/langchain

A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators $eq, $ne, $gt, $lt, $gte, $lt...

CVE-2025-8709 SQL Injection in langchain-ai/langchain

A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators $eq, $ne, $gt, $lt, $gte, $lt...