langchain_core-0.1.23-py3-none-any.whl: 7 vulnerabilities (highest severity is: 9.3) #53
Description
Vulnerable Library - langchain_core-0.1.23-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/b1/e9/7e624fe4a7619821331ad2e943fbfc2eab7465cf97ee95158c435a276d3e/langchain_core-0.1.23-py3-none-any.whl
Path to dependency file: /ai/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/4/langchain_core-0.1.23-py3-none-any.whl
Vulnerabilities
| Vulnerability | Severity |  CVSS |
Dependency | Type | Fixed in (langchain_core version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2025-68664 |  Critical |
9.3 | langchain_core-0.1.23-py3-none-any.whl | Direct | 0.3.81 | ❌ |
| CVE-2025-65106 |  High |
8.2 | langchain_core-0.1.23-py3-none-any.whl | Direct | 0.3.80 | ❌ |
| CVE-2024-28088 | High |
8.1 | langchain_core-0.1.23-py3-none-any.whl | Direct | langchain - 0.1.12 | ❌ |
| CVE-2026-34070 | High |
7.5 | langchain_core-0.1.23-py3-none-any.whl | Direct | https://github.com/langchain-ai/langchain.git - langchain-core==1.2.22,langchain-core - 1.2.22 | ❌ |
| CVE-2024-1455 |  Medium |
5.9 | langchain_core-0.1.23-py3-none-any.whl | Direct | langchain-core - 0.1.35 | ❌ |
| CVE-2024-10940 | Medium |
5.3 | langchain_core-0.1.23-py3-none-any.whl | Direct | 0.1.53 | ❌ |
| CVE-2026-26013 |  Low |
3.7 | langchain_core-0.1.23-py3-none-any.whl | Direct | 1.2.11 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2025-68664
Vulnerable Library - langchain_core-0.1.23-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/b1/e9/7e624fe4a7619821331ad2e943fbfc2eab7465cf97ee95158c435a276d3e/langchain_core-0.1.23-py3-none-any.whl
Path to dependency file: /ai/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/4/langchain_core-0.1.23-py3-none-any.whl
Dependency Hierarchy:
- ❌ langchain_core-0.1.23-py3-none-any.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.
Publish Date: 2025-12-23
URL: CVE-2025-68664
CVSS 3 Score Details (9.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-c67j-w6g6-q2cm
Release Date: 2025-12-23
Fix Resolution: 0.3.81
Step up your Open Source Security Game with Mend here
CVE-2025-65106
Vulnerable Library - langchain_core-0.1.23-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/b1/e9/7e624fe4a7619821331ad2e943fbfc2eab7465cf97ee95158c435a276d3e/langchain_core-0.1.23-py3-none-any.whl
Path to dependency file: /ai/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/4/langchain_core-0.1.23-py3-none-any.whl
Dependency Hierarchy:
- ❌ langchain_core-0.1.23-py3-none-any.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. This issue has been patched in versions 0.3.80 and 1.0.7.
Publish Date: 2025-11-21
URL: CVE-2025-65106
CVSS 3 Score Details (8.2)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-6qv9-48xg-fc7f
Release Date: 2025-11-20
Fix Resolution: 0.3.80
Step up your Open Source Security Game with Mend here
CVE-2024-28088
Vulnerable Library - langchain_core-0.1.23-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/b1/e9/7e624fe4a7619821331ad2e943fbfc2eab7465cf97ee95158c435a276d3e/langchain_core-0.1.23-py3-none-any.whl
Path to dependency file: /ai/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/4/langchain_core-0.1.23-py3-none-any.whl
Dependency Hierarchy:
- ❌ langchain_core-0.1.23-py3-none-any.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)
Publish Date: 2024-03-03
URL: CVE-2024-28088
CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Release Date: 2024-03-03
Fix Resolution: langchain - 0.1.12
Step up your Open Source Security Game with Mend here
CVE-2026-34070
Vulnerable Library - langchain_core-0.1.23-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/b1/e9/7e624fe4a7619821331ad2e943fbfc2eab7465cf97ee95158c435a276d3e/langchain_core-0.1.23-py3-none-any.whl
Path to dependency file: /ai/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/4/langchain_core-0.1.23-py3-none-any.whl
Dependency Hierarchy:
- ❌ langchain_core-0.1.23-py3-none-any.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an application passes user-influenced prompt configurations to load_prompt() or load_prompt_from_config(), an attacker can read arbitrary files on the host filesystem, constrained only by file-extension checks (.txt for templates, .json/.yaml for examples). This issue has been patched in version 1.2.22.
Publish Date: 2026-03-31
URL: CVE-2026-34070
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Release Date: 2026-03-28
Fix Resolution: https://github.com/langchain-ai/langchain.git - langchain-core==1.2.22,langchain-core - 1.2.22
Step up your Open Source Security Game with Mend here
CVE-2024-1455
Vulnerable Library - langchain_core-0.1.23-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/b1/e9/7e624fe4a7619821331ad2e943fbfc2eab7465cf97ee95158c435a276d3e/langchain_core-0.1.23-py3-none-any.whl
Path to dependency file: /ai/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/4/langchain_core-0.1.23-py3-none-any.whl
Dependency Hierarchy:
- ❌ langchain_core-0.1.23-py3-none-any.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading to a denial of service (DoS).
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2024-03-26
URL: CVE-2024-1455
CVSS 3 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-q84m-rmw3-4382
Release Date: 2024-03-26
Fix Resolution: langchain-core - 0.1.35
Step up your Open Source Security Game with Mend here
CVE-2024-10940
Vulnerable Library - langchain_core-0.1.23-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/b1/e9/7e624fe4a7619821331ad2e943fbfc2eab7465cf97ee95158c435a276d3e/langchain_core-0.1.23-py3-none-any.whl
Path to dependency file: /ai/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/4/langchain_core-0.1.23-py3-none-any.whl
Dependency Hierarchy:
- ❌ langchain_core-0.1.23-py3-none-any.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
A vulnerability in langchain-core versions >=0.1.17,<0.1.53, >=0.2.0,<0.2.43, and >=0.3.0,<0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchain_core.prompts.ImagePromptTemplate's (and by extension langchain_core.prompts.ChatPromptTemplate's) with input variables that can read any user-specified path from the server file system. If the outputs of these prompt templates are exposed to the user, either directly or through downstream model outputs, it can lead to the exposure of sensitive information.
Publish Date: 2025-03-20
URL: CVE-2024-10940
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-5chr-fjjv-38qv
Release Date: 2025-03-20
Fix Resolution: 0.1.53
Step up your Open Source Security Game with Mend here
CVE-2026-26013
Vulnerable Library - langchain_core-0.1.23-py3-none-any.whl
Building applications with LLMs through composability
Library home page: https://files.pythonhosted.org/packages/b1/e9/7e624fe4a7619821331ad2e943fbfc2eab7465cf97ee95158c435a276d3e/langchain_core-0.1.23-py3-none-any.whl
Path to dependency file: /ai/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260331025725_MIUFBE/python_UVEQHS/20260331025831/4/langchain_core-0.1.23-py3-none-any.whl
Dependency Hierarchy:
- ❌ langchain_core-0.1.23-py3-none-any.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitrary image_url values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery (SSRF) attacks by providing malicious image URLs in user input. This vulnerability is fixed in 1.2.11.
Publish Date: 2026-02-10
URL: CVE-2026-26013
CVSS 3 Score Details (3.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Release Date: 2026-02-10
Fix Resolution: 1.2.11
Step up your Open Source Security Game with Mend here