Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,489
Maven
5,000+
npm
5,000+
NuGet
892
pip
4,745
Pub
13
RubyGems
1,033
Rust
1,228
Swift
53
Unreviewed advisories
All unreviewed
5,000+

3 advisories

Loading
LangChain serialization injection vulnerability enables secret extraction High
CVE-2025-68665 was published for @langchain/core (npm) Dec 23, 2025
eyurtsev Credited to eyurtsev, ccurme, mdrxy, 0xn3va, yardenporat353, VladimirEliTokarev, hntrl, siewer, and jacoblee93 ccurme ccurme
mdrxy mdrxy 0xn3va 0xn3va yardenporat353 yardenporat353 VladimirEliTokarev VladimirEliTokarev hntrl hntrl siewer siewer jacoblee93 jacoblee93
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs Critical
CVE-2025-68664 was published for langchain-core (pip) Dec 23, 2025
0xn3va Credited to 0xn3va, yardenporat353, VladimirEliTokarev, eyurtsev, ccurme, mdrxy, and hntrl yardenporat353 yardenporat353
VladimirEliTokarev VladimirEliTokarev eyurtsev eyurtsev ccurme ccurme mdrxy mdrxy hntrl hntrl
LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates High
CVE-2025-65106 was published for langchain-core (pip) Nov 20, 2025
0xn3va Credited to 0xn3va
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database