Filtered by vendor Langchain-ai Subscriptions
Filtered by product Langchain Subscriptions
Total 22 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-1455 2 Langchain, Langchain-ai 2 Langchain, Langchain 2025-07-30 5.9 Medium
A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading to a denial of service (DoS).
CVE-2024-3571 2 Langchain, Langchain-ai 2 Langchain, Langchain 2025-07-29 8.8 High
langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. The issue lies in the handling of file paths in the mset and mget methods, where user-supplied input is not adequately sanitized, allowing directory traversal sequences to reach unintended directories.