Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48776 |
|
Path Traversal in langgraph-sdk (CVE-2026-48776)
path traversal in langgraph-sdk (CVE-2026-48776). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.15` or later.
|
| CVE-2026-48775 |
|
Unsafe Deserialization in langgraph-checkpoint (CVE-2026-48775)
vulnerability in langgraph-checkpoint (CVE-2026-48775). Successful exploitation can lead to full system takeover. Exploitable via ``JsonPlusSerializer``. Mitigation: upgrade to `4.1.1` or later.
|
| CVE-2026-44843 |
|
Unsafe Deserialization in langchain-core (CVE-2026-44843)
vulnerability in langchain-core (CVE-2026-44843). Confidential information can be exposed externally. Exploitable via ``RunnableWithMessageHistory``. Mitigation: upgrade to `0.3.85` or later.
|
| CVE-2026-40190 |
|
Vulnerability in langchain (CVE-2026-40190)
vulnerability in langchain (CVE-2026-40190). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.5.18` or later.
|
| CVE-2023-36095 |
|
Code Injection in langchain (CVE-2023-36095)
code injection in langchain (CVE-2023-36095). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.236` or later.
|