Launch Week Day 1: Announcing Security Design Review
Start for Free
pypi

langchain-core

View on pypi registry
10 Total advisories
10 Vulnerabilities
0 Malware

Vulnerabilities

UNKNOWN
PyPI

CVE-2024-28088

CVE-2024-28088
HIGH 8.2
PyPI

CVE-2026-44843

LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists
HIGH 7.5
PyPI

CVE-2026-34070

LangChain Core has Path Traversal vulnerabilites in legacy `load_prompt` functions
MEDIUM 5.3
PyPI

CVE-2026-40087

LangChain has incomplete f-string validation in prompt templates
LOW 3.7
PyPI

CVE-2026-26013

LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
UNKNOWN
PyPI

CVE-2025-65106

LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
CRITICAL 9.3
PyPI

CVE-2025-68664

LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
MEDIUM 5.3
PyPI

CVE-2024-10940

langchain-core allows unauthorized users to read arbitrary files from the host file system
UNKNOWN
PyPI

CVE-2024-28088

LangChain directory traversal vulnerability
MEDIUM 5.9
PyPI

CVE-2024-1455

LangChain's XMLOutputParser vulnerable to XML Entity Expansion

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes