| Severity | CVSS | CVE | Advisory | Affected versions |
|---|---|---|---|---|
| CRITICAL | 9.3 | CVE-2025-68664 | LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs | >= 1.0.0, < 1.2.5 |
| HIGH | 8.2 | CVE-2026-44843 | LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists | >= 1.0.0, < 1.3.3 |
| HIGH | 7.5 | — | LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions | from 0, < 1.2.22 |
| MEDIUM | 5.9 | — | LangChain's XMLOutputParser vulnerable to XML Entity Expansion | from 0, < 0.1.35 |
| MEDIUM | 5.3 | — | LangChain has incomplete f-string validation in prompt templates | from 0, < 0.3.84 |
| MEDIUM | 5.3 | — | langchain-core allows unauthorized users to read arbitrary files from the host file system | >= 0.1.17, < 0.1.53 |
| LOW | 3.7 | — | LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages | from 0, < 1.2.11 |
| — | — | — | LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates | >= 1.0.0, < 1.0.7 |
| — | — | — | LangChain directory traversal vulnerability | from 0, < 0.1.11 |
| — | — | — | LangChain directory traversal vulnerability | from 0, < 0.1.30 |