Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
43
Go
3,181
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,474
Pub
12
RubyGems
991
Rust
1,185
Swift
51
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
LangChain serialization injection vulnerability enables secret extraction High
CVE-2025-68665 was published for @langchain/core (npm) Dec 23, 2025
eyurtsev Credited to eyurtsev, ccurme, mdrxy, 0xn3va, yardenporat353, VladimirEliTokarev, hntrl, siewer, and jacoblee93 ccurme ccurme
mdrxy mdrxy 0xn3va 0xn3va yardenporat353 yardenporat353 VladimirEliTokarev VladimirEliTokarev hntrl hntrl siewer siewer jacoblee93 jacoblee93
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs Critical
CVE-2025-68664 was published for langchain-core (pip) Dec 23, 2025
0xn3va Credited to 0xn3va, yardenporat353, VladimirEliTokarev, eyurtsev, ccurme, mdrxy, and hntrl yardenporat353 yardenporat353
VladimirEliTokarev VladimirEliTokarev eyurtsev eyurtsev ccurme ccurme mdrxy mdrxy hntrl hntrl
Langchain SQL Injection vulnerability Low
CVE-2024-8309 was published for langchain (pip) Oct 29, 2024
BarrensZeppelin Credited to BarrensZeppelin, eyurtsev, and efriis eyurtsev eyurtsev
efriis efriis
Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever Moderate
CVE-2024-3095 was published for langchain-community (pip) Jun 6, 2024
eyurtsev Credited to eyurtsev
Denial of service in langchain-community Moderate
CVE-2024-2965 was published for langchain (pip) Jun 6, 2024
eyurtsev Credited to eyurtsev and efriis efriis efriis
LangChain's XMLOutputParser vulnerable to XML Entity Expansion Moderate
CVE-2024-1455 was published for langchain-core (pip) Mar 26, 2024
eyurtsev Credited to eyurtsev
Langchain Server-Side Request Forgery vulnerability High
CVE-2023-32786 was published for langchain (pip) Oct 21, 2023
eyurtsev Credited to eyurtsev
Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library Critical
CVE-2023-39631 was published for langchain (pip) Sep 1, 2023
eyurtsev Credited to eyurtsev
langchain vulnerable to arbitrary code execution Critical
CVE-2023-36281 was published for langchain (pip) Aug 22, 2023
eyurtsev Credited to eyurtsev
LangChain vulnerable to arbitrary code execution Critical
CVE-2023-39659 was published for langchain (pip) Aug 15, 2023
eyurtsev Credited to eyurtsev
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database