langchain-0.2.7-py3-none-any.whl: 11 vulnerabilities (highest severity is: 9.3) #5
Description
Vulnerable Library - langchain-0.2.7-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/8e/bf/b581a91c3238d93f1b57e093523c1120ee86fddf3a914e288701caba3620/langchain-0.2.7-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/langchain-0.2.7.dist-info
Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f
Vulnerabilities
| Vulnerability | Severity |  CVSS |
Exploit Maturity | EPSS | Dependency | Type | Fixed in (langchain version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2025-68664 |  Critical |
9.3 | Not Defined | 0.0% | langchain_core-0.2.43-py3-none-any.whl | Transitive | 0.2.8 | ✅ | |
| CVE-2025-65106 |  High |
8.2 | Not Defined | 0.1% | langchain_core-0.2.43-py3-none-any.whl | Transitive | 0.2.8 | ✅ | |
| CVE-2024-5998 | High |
7.8 | Not Defined | 0.1% | langchain-0.2.7-py3-none-any.whl | Direct | 0.2.9 | ✅ | |
| CVE-2026-34070 | High |
7.5 | Not Defined | langchain_core-0.2.43-py3-none-any.whl | Transitive | N/A* | ❌ | ||
| CVE-2025-6985 | High |
7.5 | Not Defined | 0.2% | langchain_text_splitters-0.2.4-py3-none-any.whl | Transitive | 0.3.0 | ✅ | |
| CVE-2025-67221 | High |
7.5 | Not Defined | 0.0% | orjson-3.11.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl | Transitive | 0.2.8 | ✅ | |
| CVE-2024-58340 | High |
7.5 | Not Defined | 0.1% | langchain-0.2.7-py3-none-any.whl | Direct | https://github.com/langchain-ai/langchain.git - langchain-classic==1.0.2,langchain-classic - 1.0.2 | ✅ | |
| CVE-2024-10940 |  Medium |
5.3 | Not Defined | 0.1% | langchain_core-0.2.43-py3-none-any.whl | Transitive | N/A* | ❌ | |
| CVE-2024-7042 | Medium |
4.9 | Not Defined | 0.1% | langchain-0.2.7-py3-none-any.whl | Direct | @langchain/community - 0.3.3 | ❌ | |
| CVE-2026-25645 | Medium |
4.4 | Not Defined | 0.0% | requests-2.32.5-py3-none-any.whl | Transitive | N/A* | ❌ | |
| CVE-2026-26013 |  Low |
3.7 | Not Defined | 0.0% | langchain_core-0.2.43-py3-none-any.whl | Transitive | 0.2.8 | ✅ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2025-68664
Vulnerable Library - langchain_core-0.2.43-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/70/9b/b26405992d807a592ab3e7792f0eb2c2f71fe69111c972caf7786ba99199/langchain_core-0.2.43-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/langchain_core-0.2.43.dist-info
Dependency Hierarchy:
- langchain-0.2.7-py3-none-any.whl (Root Library)
- ❌ langchain_core-0.2.43-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f
Found in base branch: main
Vulnerability Details
LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.
Publish Date: 2025-12-23
URL: CVE-2025-68664
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.0%
CVSS 3 Score Details (9.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-c67j-w6g6-q2cm
Release Date: 2025-12-23
Fix Resolution (langchain-core): 0.3.81
Direct dependency fix Resolution (langchain): 0.2.8
In order to enable automatic remediation, please create workflow rules
CVE-2025-65106
Vulnerable Library - langchain_core-0.2.43-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/70/9b/b26405992d807a592ab3e7792f0eb2c2f71fe69111c972caf7786ba99199/langchain_core-0.2.43-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/langchain_core-0.2.43.dist-info
Dependency Hierarchy:
- langchain-0.2.7-py3-none-any.whl (Root Library)
- ❌ langchain_core-0.2.43-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f
Found in base branch: main
Vulnerability Details
LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. This issue has been patched in versions 0.3.80 and 1.0.7.
Publish Date: 2025-11-21
URL: CVE-2025-65106
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.1%
CVSS 3 Score Details (8.2)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-6qv9-48xg-fc7f
Release Date: 2025-11-20
Fix Resolution (langchain-core): 0.3.80
Direct dependency fix Resolution (langchain): 0.2.8
In order to enable automatic remediation, please create workflow rules
CVE-2024-5998
Vulnerable Library - langchain-0.2.7-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/8e/bf/b581a91c3238d93f1b57e093523c1120ee86fddf3a914e288701caba3620/langchain-0.2.7-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/langchain-0.2.7.dist-info
Dependency Hierarchy:
- ❌ langchain-0.2.7-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f
Found in base branch: main
Vulnerability Details
A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product.
Publish Date: 2024-09-17
URL: CVE-2024-5998
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.1%
CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://huntr.com/bounties/fa3a2753-57c3-4e08-a176-d7a3ffda28fe
Release Date: 2024-09-17
Fix Resolution: 0.2.9
In order to enable automatic remediation, please create workflow rules
CVE-2026-34070
Vulnerable Library - langchain_core-0.2.43-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/70/9b/b26405992d807a592ab3e7792f0eb2c2f71fe69111c972caf7786ba99199/langchain_core-0.2.43-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/langchain_core-0.2.43.dist-info
Dependency Hierarchy:
- langchain-0.2.7-py3-none-any.whl (Root Library)
- ❌ langchain_core-0.2.43-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f
Found in base branch: main
Vulnerability Details
Summary Multiple functions in "langchain_core.prompts.loading" read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an application passes user-influenced prompt configurations to "load_prompt()" or "load_prompt_from_config()", an attacker can read arbitrary files on the host filesystem, constrained only by file-extension checks (".txt" for templates, ".json"/".yaml" for examples). Note: The affected functions ("load_prompt", "load_prompt_from_config", and the ".save()" method on prompt classes) are undocumented legacy APIs. They are superseded by the "dumpd"/"dumps"/"load"/"loads" serialization APIs in "langchain_core.load", which do not perform filesystem reads and use an allowlist-based security model. As part of this fix, the legacy APIs have been formally deprecated and will be removed in 2.0.0. Affected component Package: "langchain-core" File: "langchain_core/prompts/loading.py" Affected functions: "_load_template()", "_load_examples()", "_load_few_shot_prompt()" Severity High The score reflects the file-extension constraints that limit which files can be read. Vulnerable code paths | Config key | Loaded by | Readable extensions | |---|---|---| | "template_path", "suffix_path", "prefix_path" | "_load_template()" | ".txt" | | "examples" (when string) | "_load_examples()" | ".json", ".yaml", ".yml" | | "example_prompt_path" | "_load_few_shot_prompt()" | ".json", ".yaml", ".yml" | None of these code paths validated the supplied path against absolute path injection or ".." traversal sequences before reading from disk. Impact An attacker who controls or influences the prompt configuration dict can read files outside the intended directory: - ".txt" files: cloud-mounted secrets ("/mnt/secrets/api_key.txt"), "requirements.txt", internal system prompts - ".json"/".yaml" files: cloud credentials ("/.docker/config.json", "/.azure/accessTokens.json"), Kubernetes manifests, CI/CD configs, application settings This is exploitable in applications that accept prompt configs from untrusted sources, including low-code AI builders and API wrappers that expose "load_prompt_from_config()". Proof of concept from langchain_core.prompts.loading import load_prompt_from_config Reads /tmp/secret.txt via absolute path injection config = { "_type": "prompt", "template_path": "/tmp/secret.txt", "input_variables": [], } prompt = load_prompt_from_config(config) print(prompt.template) # file contents disclosed Reads ../../etc/secret.txt via directory traversal config = { "_type": "prompt", "template_path": "../../etc/secret.txt", "input_variables": [], } prompt = load_prompt_from_config(config) Reads arbitrary .json via few-shot examples config = { "_type": "few_shot", "examples": "../../../../.docker/config.json", "example_prompt": { "_type": "prompt", "input_variables": ["input", "output"], "template": "{input}: {output}", }, "prefix": "", "suffix": "{query}", "input_variables": ["query"], } prompt = load_prompt_from_config(config) Mitigation Update "langchain-core" to >= 1.2.22. The fix adds path validation that rejects absolute paths and ".." traversal sequences by default. An "allow_dangerous_paths=True" keyword argument is available on "load_prompt()" and "load_prompt_from_config()" for trusted inputs. As described above, these legacy APIs have been formally deprecated. Users should migrate to "dumpd"/"dumps"/"load"/"loads" from "langchain_core.load". Credit - "jiayuqi7813" (https://github.com/jiayuqi7813) reporter - "VladimirEliTokarev" (https://github.com/VladimirEliTokarev) reporter - "Rickidevs" (https://github.com/Rickidevs) reporter - Kenneth Cox (cczine@gmail.com) reporter
Publish Date: 2026-03-27
URL: CVE-2026-34070
Threat Assessment
Exploit Maturity: Not Defined
EPSS:
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-qh6h-p6c9-ff54
Release Date: 2026-03-27
Fix Resolution: langchain-core - 1.2.22
CVE-2025-6985
Vulnerable Library - langchain_text_splitters-0.2.4-py3-none-any.whl
LangChain text splitting utilities
Library home page: https://files.pythonhosted.org/packages/8f/f3/d01591229e9d0eec1e8106ed6f9b670f299beb1c94fed4aa335afa78acb0/langchain_text_splitters-0.2.4-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/langchain_text_splitters-0.2.4.dist-info
Dependency Hierarchy:
- langchain-0.2.7-py3-none-any.whl (Root Library)
- ❌ langchain_text_splitters-0.2.4-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f
Found in base branch: main
Vulnerability Details
The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse() and lxml.etree.XSLT() without any hardening measures. In lxml versions up to 4.9.x, external entities are resolved by default, allowing attackers to read arbitrary local files or perform outbound HTTP(S) fetches. In lxml versions 5.0 and above, while entity expansion is disabled, the XSLT document() function can still read any URI unless XSLTAccessControl is applied. This vulnerability allows remote attackers to gain read-only access to any file the LangChain process can reach, including sensitive files such as SSH keys, environment files, source code, or cloud metadata. No authentication, special privileges, or user interaction are required, and the issue is exploitable in default deployments that enable custom XSLT.
Publish Date: 2025-10-06
URL: CVE-2025-6985
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.2%
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-m42m-m8cr-8m58
Release Date: 2025-10-06
Fix Resolution (langchain-text-splitters): 0.3.9
Direct dependency fix Resolution (langchain): 0.3.0
In order to enable automatic remediation, please create workflow rules
CVE-2025-67221
Vulnerable Library - orjson-3.11.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Fast, correct Python JSON library supporting dataclasses, datetimes, and numpy
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/orjson-3.11.5.dist-info
Dependency Hierarchy:
- langchain-0.2.7-py3-none-any.whl (Root Library)
- langsmith-0.1.147-py3-none-any.whl
- ❌ orjson-3.11.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)
- langsmith-0.1.147-py3-none-any.whl
Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f
Found in base branch: main
Vulnerability Details
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents.
Publish Date: 2026-01-22
URL: CVE-2025-67221
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.0%
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Release Date: 2026-01-22
Fix Resolution (orjson): 3.11.6
Direct dependency fix Resolution (langchain): 0.2.8
In order to enable automatic remediation, please create workflow rules
CVE-2024-58340
Vulnerable Library - langchain-0.2.7-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/8e/bf/b581a91c3238d93f1b57e093523c1120ee86fddf3a914e288701caba3620/langchain-0.2.7-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/langchain-0.2.7.dist-info
Dependency Hierarchy:
- ❌ langchain-0.2.7-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f
Found in base branch: main
Vulnerability Details
LangChain contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone regular expression when extracting tool actions from model output. An attacker who can supply or influence the parsed text (for example via prompt injection in downstream applications that pass LLM output directly into MRKLOutputParser.parse()) can trigger excessive CPU consumption by providing a crafted payload, causing significant parsing delays and a denial-of-service condition.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2026-01-12
URL: CVE-2024-58340
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.1%
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Release Date: 2026-01-12
Fix Resolution: https://github.com/langchain-ai/langchain.git - langchain-classic==1.0.2,langchain-classic - 1.0.2
In order to enable automatic remediation, please create workflow rules
CVE-2024-10940
Vulnerable Library - langchain_core-0.2.43-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/70/9b/b26405992d807a592ab3e7792f0eb2c2f71fe69111c972caf7786ba99199/langchain_core-0.2.43-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/langchain_core-0.2.43.dist-info
Dependency Hierarchy:
- langchain-0.2.7-py3-none-any.whl (Root Library)
- ❌ langchain_core-0.2.43-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f
Found in base branch: main
Vulnerability Details
A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate's (and by extension langchain_core.prompts.ChatPromptTemplate's) with input variables that can read any user-specified path from the server file system. If the outputs of these prompt templates are exposed to the user, either directly or through downstream model outputs, it can lead to the exposure of sensitive information.
Publish Date: 2025-03-20
URL: CVE-2024-10940
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.1%
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-5chr-fjjv-38qv
Release Date: 2025-03-20
Fix Resolution: langchain-core - 0.3.15,https://github.com/langchain-ai/langchain.git - langchain==0.2.43,https://github.com/langchain-ai/langchain.git - langchain==0.3.15,langchain-core - 0.2.43,langchain-core - 0.1.53
CVE-2024-7042
Vulnerable Library - langchain-0.2.7-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/8e/bf/b581a91c3238d93f1b57e093523c1120ee86fddf3a914e288701caba3620/langchain-0.2.7-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/langchain-0.2.7.dist-info
Dependency Hierarchy:
- ❌ langchain-0.2.7-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f
Found in base branch: main
Vulnerability Details
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.
Publish Date: 2024-10-29
URL: CVE-2024-7042
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.1%
CVSS 3 Score Details (4.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: GHSA-6m59-8fmv-m5f9
Release Date: 2024-10-29
Fix Resolution: @langchain/community - 0.3.3
CVE-2026-25645
Vulnerable Library - requests-2.32.5-py3-none-any.whl
Python HTTP for Humans.
Library home page: https://files.pythonhosted.org/packages/1e/db/4254e3eabe8020b458f1a747140d32277ec7a271daf1d235b70dc0b4e6e3/requests-2.32.5-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/requests-2.32.5.dist-info
Dependency Hierarchy:
- langchain-0.2.7-py3-none-any.whl (Root Library)
- ❌ requests-2.32.5-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f
Found in base branch: main
Vulnerability Details
Requests is a HTTP library. Prior to version 2.33.0, the "requests.utils.extract_zipped_paths()" utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call "extract_zipped_paths()" directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set "TMPDIR" in their environment to a directory with restricted write access.
Publish Date: 2026-03-25
URL: CVE-2026-25645
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.0%
CVSS 3 Score Details (4.4)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Release Date: 2026-03-25
Fix Resolution: https://github.com/psf/requests.git - v2.33.0
CVE-2026-26013
Vulnerable Library - langchain_core-0.2.43-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/70/9b/b26405992d807a592ab3e7792f0eb2c2f71fe69111c972caf7786ba99199/langchain_core-0.2.43-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260309120528_NCWYTV/python_KWDIRO/202603091205291/env/lib/python3.9/site-packages/langchain_core-0.2.43.dist-info
Dependency Hierarchy:
- langchain-0.2.7-py3-none-any.whl (Root Library)
- ❌ langchain_core-0.2.43-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 09f51f74740b88648be208302ec569217b51a66f
Found in base branch: main
Vulnerability Details
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitrary image_url values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery (SSRF) attacks by providing malicious image URLs in user input. This vulnerability is fixed in 1.2.11.
Publish Date: 2026-02-10
URL: CVE-2026-26013
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.0%
CVSS 3 Score Details (3.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Release Date: 2026-02-10
Fix Resolution (langchain-core): 1.2.11
Direct dependency fix Resolution (langchain): 0.2.8
In order to enable automatic remediation, please create workflow rules
In order to enable automatic remediation for this issue, please create workflow rules