3 matches found
Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-024
The Google Analytics GA4 module enables users to add custom attributes to the script tag used to load the Google Analytics library. The module does not sufficiently sanitize these attributes. This vulnerability is mitigated by the fact that an attacker must have a role with the "ga4 configure" or...
Server-side Request Forgery (SSRF)
Overview @langchain/core is a Core LangChain.js abstractions and schemas Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the RecursiveUrlLoader class. An attacker can access internal or sensitive resources by influencing crawled page content to include lin...
Server-side Request Forgery (SSRF)
Overview @langchain/community is a Third-party integrations for LangChain.js Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the RecursiveUrlLoader class. An attacker can access internal or sensitive resources by influencing crawled page content to include...