Langchain-ai Langchain

7 CVEs affecting Langchain-ai Langchain. Latest disclosed: 2026-06-22. Critical: 1, High: 2.

Top CVEs affecting Langchain-ai Langchain
CVESeverityScorePublishedSummary
CVE-2025-68664Critical9.32025-12-23LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists i…
CVE-2026-44843High8.22026-05-26LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserial…
CVE-2026-34070High7.52026-03-31LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read f…
CVE-2026-40087Medium5.32026-04-09LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was inco…
CVE-2026-55443Medium5.12026-06-22LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand…
CVE-2026-26013Low3.72026-02-10LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitr…
CVE-2025-651062025-11-21LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerabilit…