pkg:npm/langsmith

4 total CVEsHIGH1MEDIUM3

✅ Check your installed version

All known vulnerabilities

  • HIGH7.1CVE-2026-45134LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning
    from 0, < 0.6.0
  • MEDIUM5.8CVE-2026-25528LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection
    >= 0.3.41, < 0.4.6
  • MEDIUM5.6CVE-2026-40190LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`
    from 0, < 0.5.18
  • MEDIUM5.3CVE-2026-41182LangSmith SDK: Streaming token events bypass output redaction
    from 0, < 0.5.19