langchain-experimental
PyPI | 5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting langchain-experimental
- CVE-2023-44467 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 0.0.15 | 2023-10-09
  - vulnerable: 0.0.1 ... 0.0.9 (18 versions)
  - langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.
- CVE-2024-21513 | HIGH | CVSS 8.5 | EG 8.5 | ✓ Fixed in 0.0.21 | 2024-07-15
  - vulnerable: 0.0.1 ... 0.0.9 (24 versions)
  - Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database: the code will attempt to call 'eval' on all values. An attacker can exploit t…
- CVE-2024-27444 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 0.0.52 | 2024-02-26
  - vulnerable: 0.0.1 ... 0.0.9 (54 versions)
  - langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, _…
- CVE-2024-38459 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 0.0.61 | 2024-06-16
  - vulnerable: 0.0.1 ... 0.0.9 (63 versions)
  - langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE: this issue exists because of an incomplete fix for CVE-2024-27444.
- CVE-2024-46946 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-09-19
  - vulnerable: 0.3.0, 0.3.0.dev1
  - langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccd…