Lucene search
+L

95 matches found

NVD
NVD
added 2026/05/27 8:16 p.m.19 views

CVE-2026-45134

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:35 p.m.9 views

CVE-2026-45134 LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 7:35 p.m.32 views

EUVD-2026-32640

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:35 p.m.11 views

CVE-2026-45134

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/27 7:35 p.m.45 views

CVE-2026-45134 LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS0.00199EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 7:35 p.m.44 views

CVE-2026-45134

LangSmith CVE-2026-45134 affects LangSmith Client SDKs with prompt-pull methods that fetch/deserialize prompt manifests from LangSmith Hub. The issue allows manifest content to be influenced by external parties when pulling a public prompt (owner/name), because prior SDKs did not distinguish such...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 7:35 p.m.3 views

CVE-2026-45134 LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS5.9AI score0.00199EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.16 views

LangSmith Client SDKs 代码问题漏洞

LangSmith Client SDKs are a developer toolkit open-sourced by LangChain. Versions of LangSmith Client SDKs prior to 0.8.0 and JS/TS versions prior to 0.6.0 have code vulnerabilities. This vulnerability stems from the lack of differentiation between public prompts and internal organization-specifi...

7.1CVSS5.9AI score0.00199EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:41 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangSmith [CVE-2026-25528]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangSmith, due to a flaw allowing the injection of arbitrary apiurl values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints CVE-2026-25528...

5.8CVSS7.3AI score0.00282EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/05/14 4:16 p.m.35 views

CVE-2026-44504

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

8.6CVSS0.00285EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/13 3:29 p.m.8 views

a-data-processing (=0.0.1), a-mailx (=0.1.0) +1490 more potentially affected by CVE-2026-45134 via langsmith (>=0.0.10 <=0.7.38)

langsmith PYPI version =0.0.10, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =0.1.0, =0.1.1, =2.1.7, =2.1.8 - agent-builder =0.0.1 and more Source cves: CVE-2026-45134 Source advisory: SNYK:PYTHON-LANGSMITH-16658748...

7.1CVSS5.7AI score0.00199EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/13 3:29 p.m.7 views

0xgasless-mcp (>=1.0.3 <=1.0.5), 4d-vector-search (>=1.0.0 <=1.0.1) +3065 more potentially affected by CVE-2026-45134 via langsmith (>=0.0.32 <=0.5.4)

langsmith NPM version =0.0.32, =1.0.3, =1.0.0, =1.11.0, =0.0.5, =0.0.1, =1.0.0, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.6, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2026-45134 Source advisory: SNYK:JS-LANGSMITH-16658749...

7.1CVSS5.7AI score0.00199EPSS
Exploits0
Snyk
Snyk
added 2026/05/13 3:29 p.m.8 views

Deserialization of Untrusted Data

Overview langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Deserialization of Untrusted Data when fetching and processing prompt manifests from external sources. An attacker can execute arbitrary co...

7.1CVSS6.2AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/13 3:29 p.m.8 views

Deserialization of Untrusted Data

Overview langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Deserialization of Untrusted Data when fetching and processing prompt manifests from external sources. An attacker can execute arbitrary co...

7.1CVSS6.2AI score0.00199EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/13 3:29 p.m.9 views

NPM: LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

NPM: LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning vulnerability discovered by ? in WordPress Npm langsmith versions 0.6.0...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/13 3:29 p.m.9 views

0xgasless-mcp (>=1.0.3 <=1.0.5), 4d-vector-search (>=1.0.0 <=1.0.1) +3065 more potentially affected by CVE-2026-45134 via langsmith (>=0.0.32 <=0.5.4)

langsmith NPM version =0.0.32, =1.0.3, =1.0.0, =1.11.0, =0.0.5, =0.0.1, =1.0.0, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.6, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2026-45134 Source advisory: OSV:GHSA-3644-Q5CJ-C5C7...

7.1CVSS5.7AI score0.00199EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/13 3:29 p.m.8 views

a-data-processing (=0.0.1), a-mailx (=0.1.0) +1490 more potentially affected by CVE-2026-45134 via langsmith (>=0.0.10 <=0.7.38)

langsmith PYPI version =0.0.10, =0.1.0, =0.1.3, =0.1.0b0, =4.8.2, =0.1.3, =0.1.0, =0.1.0, =0.1.1, =2.1.7, =2.1.8 - agent-builder =0.0.1 and more Source cves: CVE-2026-45134 Source advisory: OSV:GHSA-3644-Q5CJ-C5C7...

7.1CVSS5.7AI score0.00199EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/13 3:29 p.m.15 views

LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

Description The LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from the LangSmith Hub. These manifests may contain serialized LangChain objects and model configuration that affect runtime...

7.1CVSS5.7AI score0.00199EPSS
Exploits0References3Affected Software3
OSV
OSV
added 2026/05/13 3:29 p.m.9 views

GHSA-3644-Q5CJ-C5C7 LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

Description The LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from the LangSmith Hub. These manifests may contain serialized LangChain objects and model configuration that affect runtime...

7.1CVSS5.7AI score0.00199EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/24 1:28 a.m.15 views

SUSE CVE-2026-41182

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0.5.19 of the JavaScript SDK and version 0.7.31 of the Python SDK, the LangSmith SDK's output redaction controls hideOutputs in JS, hideoutputs in Python do not apply to streaming token events. When ...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References3
Rows per page
Query Builder