Filtered by vendor Langchain
Subscriptions
Filtered by product Langchain
Subscriptions
Total
15 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5998 | 1 Langchain | 1 Langchain | 2024-09-17 | N/A |
| A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product. | ||||
| CVE-2023-46229 | 1 Langchain | 1 Langchain | 2024-09-12 | 8.8 High |
| LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. | ||||
| CVE-2023-32786 | 1 Langchain | 1 Langchain | 2024-09-12 | 7.5 High |
| In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks. | ||||
| CVE-2023-39659 | 1 Langchain | 1 Langchain | 2024-08-02 | 9.8 Critical |
| An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. | ||||
| CVE-2023-39631 | 1 Langchain | 1 Langchain | 2024-08-02 | 9.8 Critical |
| An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. | ||||
| CVE-2023-38896 | 1 Langchain | 1 Langchain | 2024-08-02 | 9.8 Critical |
| An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions. | ||||
| CVE-2023-38860 | 1 Langchain | 1 Langchain | 2024-08-02 | 9.8 Critical |
| An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. | ||||
| CVE-2023-36258 | 1 Langchain | 1 Langchain | 2024-08-02 | 9.8 Critical |
| An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used. | ||||
| CVE-2023-36281 | 1 Langchain | 1 Langchain | 2024-08-02 | 9.8 Critical |
| An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template. | ||||
| CVE-2023-36189 | 1 Langchain | 1 Langchain | 2024-08-02 | 7.5 High |
| SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. | ||||
| CVE-2023-36095 | 1 Langchain | 1 Langchain | 2024-08-02 | 9.8 Critical |
| An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt. | ||||
| CVE-2023-36188 | 1 Langchain | 1 Langchain | 2024-08-02 | 9.8 Critical |
| An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. | ||||
| CVE-2023-34541 | 1 Langchain | 1 Langchain | 2024-08-02 | 9.8 Critical |
| Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt. | ||||
| CVE-2023-34540 | 1 Langchain | 1 Langchain | 2024-08-02 | 9.8 Critical |
| Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available. | ||||
| CVE-2023-29374 | 1 Langchain | 1 Langchain | 2024-08-02 | 9.8 Critical |
| In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. | ||||
Page 1 of 1.