Filtered by vendor Langchain-ai
Subscriptions
Filtered by product Langchain
Subscriptions
Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1455 | 2 Langchain, Langchain-ai | 2 Langchain, Langchain | 2025-07-30 | 5.9 Medium |
| A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading to a denial of service (DoS). | ||||
| CVE-2024-3571 | 2 Langchain, Langchain-ai | 2 Langchain, Langchain | 2025-07-29 | 8.8 High |
| langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. The issue lies in the handling of file paths in the mset and mget methods, where user-supplied input is not adequately sanitized, allowing directory traversal sequences to reach unintended directories. | ||||