langchain-core vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-44843Highlangchain-core: LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad…CVE-2026-40087Mediumlangchain-core: LangChain has incomplete f-string validation in prompt templatesCVE-2026-34070Highlangchain-core: LangChain Core has Path Traversal vulnerabilites in legacy `load_prompt` functionsCVE-2026-26013Lowlangchain-core: LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messagesCVE-2025-68664Criticallangchain-core: LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIsCVE-2025-65106Highlangchain-core: LangChain Vulnerable to Template Injection via Attribute Access in Prompt TemplatesCVE-2024-10940Mediumlangchain-core: langchain-core allows unauthorized users to read arbitrary files from the host file systemCVE-2024-1455Mediumlangchain-core: LangChain's XMLOutputParser vulnerable to XML Entity ExpansionCVE-2024-28088Lowlangchain: LangChain directory traversal vulnerability

Stop the waste.
Protect your environment with Kodem.