8 matches found
CVE-2025-64104
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization,...
LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore
Summary: LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. Details: /langgraph/libs/checkpoint-sqlite/langgraph/store/sqlite/base.py...
GHSA-7P73-8JQX-23R8 LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore
Summary: LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. Details: /langgraph/libs/checkpoint-sqlite/langgraph/store/sqlite/base.py...
CVE-2025-64104 LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization,...
CVE-2025-8709
A SQL injection vulnerability exists in LangGraph’s SQLite store implementation due to improper string concatenation when building filter conditions in the getfiltercondition function. The JSON key portion of the json_extract path is directly concatenated into SQL statements without sanitization o...
SQL Injection
Overview: langgraph-checkpoint-sqlite is a library with a SQLite implementation of LangGraph checkpoint saver. Affected versions of this package are vulnerable to SQL Injection via improper handling of filter $eq, $ne, $gt, $lt, $gte, $lte operators in the LangGraph SQLite store implementation. An...
EUVD-2025-35939
A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators $eq, $ne, $gt, $lt, $gte, $lt...
PT-2025-43747
Name of the Vulnerable Software and Affected Versions: langgraph-checkpoint-sqlite version 2.0.10. Description: A SQL injection vulnerability exists in the LangGraph's SQLite store implementation within the langchain-ai/langgraph repository. The issue stems from improper handling of filter operators...