pkg:PyPI/langchain-core

10 CVEs in total: CRITICAL 1, HIGH 2, MEDIUM 3, LOW 1

All known vulnerabilities

  • CRITICAL 9.3 CVE-2025-68664: LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
    >= 1.0.0, < 1.2.5
  • HIGH 8.2 CVE-2026-44843: LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists
    >= 1.0.0, < 1.3.3
  • HIGH 7.5 CVE-2026-34070: LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions
    from 0, < 1.2.22
  • MEDIUM 5.9 CVE-2024-1455: LangChain's XMLOutputParser vulnerable to XML Entity Expansion
    from 0, < 0.1.35
  • MEDIUM 5.3 CVE-2026-40087: LangChain has incomplete f-string validation in prompt templates
    from 0, < 0.3.84
  • MEDIUM 5.3 CVE-2024-10940: langchain-core allows unauthorized users to read arbitrary files from the host file system
    >= 0.1.17, < 0.1.53
  • LOW 3.7 CVE-2026-26013: LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages
    from 0, < 1.2.11
  • CVE-2025-65106: LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
    >= 1.0.0, < 1.0.7
  • CVE-2024-28088: LangChain directory traversal vulnerability
    from 0, < 0.1.11
  • CVE-2024-28088: LangChain directory traversal vulnerability
    from 0, < 0.1.30