Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Langchain Subscribe
Total 30 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-34540 1 Langchain 1 Langchain 2024-03-13 N/A 9.8 CRITICAL
Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available.
CVE-2023-44467 1 Langchain 1 Langchain Experimental 2024-02-26 N/A 9.8 CRITICAL
langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.
CVE-2023-36258 1 Langchain 1 Langchain 2024-02-26 N/A 9.8 CRITICAL
An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.
CVE-2023-32786 1 Langchain 1 Langchain 2023-10-27 N/A 7.5 HIGH
In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.
CVE-2023-46229 1 Langchain 1 Langchain 2023-10-25 N/A 8.8 HIGH
LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.
CVE-2023-39659 1 Langchain 1 Langchain 2023-08-22 N/A 9.8 CRITICAL
An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.
CVE-2023-38896 1 Langchain 1 Langchain 2023-08-22 N/A 9.8 CRITICAL
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.
CVE-2023-38860 1 Langchain 1 Langchain 2023-08-22 N/A 9.8 CRITICAL
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.
CVE-2023-36095 1 Langchain 1 Langchain 2023-08-14 N/A 9.8 CRITICAL
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
CVE-2023-36188 1 Langchain 1 Langchain 2023-07-12 N/A 9.8 CRITICAL
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.