langchain-community
PyPI: 7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting langchain-community (page 1 of 1)
- CVE-2024-2057 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-03-01
vulnerable: 0.0.1 ... 0.0.9 (28 versions)
A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetrieve…
- CVE-2024-2965 | MEDIUM | CVSS 4.7 | EG 4.7 | Fixed in 0.2.5 | 2024-06-06
vulnerable: 0.0.1 ... 0.2.4 (46 versions)
A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mecha…
- CVE-2024-3095 | HIGH | CVSS 7.7 | EG 7.7 | Fixed in 0.2.9 | 2024-06-06
vulnerable: 0.0.1 ... 0.2.7 (49 versions)
A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote int…
- CVE-2024-5998 | HIGH | CVSS 7.8 | EG 7.8 | Fixed in 0.2.4 | 2024-09-17
vulnerable: 0.0.1 ... 0.2.3 (45 versions)
A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects …
- CVE-2024-8309 | CRITICAL | CVSS 9.8 | EG 9.8 | Fixed in 0.3.0 | 2024-10-29
vulnerable: 0.2.0 ... 0.2.19 (21 versions)
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service …
- CVE-2025-2828 | CRITICAL | CVSS 10.0 | EG 10.0 | Fixed in 0.0.28 | 2025-06-23
vulnerable: 0.0.1 ... 0.0.9 (29 versions)
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain vers…
- CVE-2025-6984 | HIGH | CVSS 7.5 | EG 7.5 | Fixed in 0.3.27 | 2025-09-04
vulnerable: 0.0.1 ... 0.3.9 (90 versions)
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. The affected version is 0.3.63. The vulnerability arises from the use of etree.i…