Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
langchain langchain vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-44467
langchain_experimental (aka LangChain Experimental) in LangChain prior to 0.0.306 allows an malicious user to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.
Langchain Langchain Experimental 0.0.14
9.8
CVSSv3
CVE-2023-39631
An issue in LanChain-ai Langchain v.0.0.245 allows a remote malicious user to execute arbitrary code via the evaluate function in the numexpr library.
Langchain Langchain 0.0.245
9.8
CVSSv3
CVE-2023-36281
An issue in langchain v.0.0.171 allows a remote malicious user to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template.
Langchain Langchain 0.0.171
3 Github repositories
9.8
CVSSv3
CVE-2023-39659
An issue in langchain langchain-ai v.0.0.232 and before allows a remote malicious user to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.
Langchain Langchain
9.8
CVSSv3
CVE-2023-38860
An issue in LangChain v.0.0.231 allows a remote malicious user to execute arbitrary code via the prompt parameter.
Langchain Langchain 0.0.231
9.8
CVSSv3
CVE-2023-38896
An issue in Harrison Chase langchain v.0.0.194 and before allows a remote malicious user to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.
Langchain Langchain
9.8
CVSSv3
CVE-2023-36095
An issue in Harrison Chase langchain v.0.0.194 allows an malicious user to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
Langchain Langchain 0.0.194
9.8
CVSSv3
CVE-2023-36188
An issue in langchain v.0.0.64 allows a remote malicious user to execute arbitrary code via the PALChain parameter in the Python exec method.
Langchain Langchain 0.0.64
9.8
CVSSv3
CVE-2023-36258
An issue in LangChain prior to 0.0.236 allows an malicious user to execute arbitrary code because Python code with os.system, exec, or eval can be used.
Langchain Langchain 0.0.199
9.8
CVSSv3
CVE-2023-34541
Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.
Langchain Langchain 0.0.171
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »