GCVE - cpe:2.3:a:langchain:langchain:0.0.171:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:langchain:langchain:0.0.171:*:*:*:*:*:*:*

part: a version: 0.0.171 update: *

Vendor	Langchain (`3bec1db6-30f1-5f7c-8067-d161076b8e16`)
Product	Langchain (`470aaf7d-9be4-5ab2-a1f8-1df85c8b7784`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/hwchase17/langchain`	purl2cpe	2026-06-01 10:15:38.815255
`pkg:npm/langchain`	purl2cpe	2026-06-01 10:15:38.815256
`pkg:pypi/langchain`	purl2cpe	2026-06-01 10:15:38.815258
`pkg:sourceforge/langchain.mirror`	purl2cpe	2026-06-01 10:15:38.815259

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-36281`	vulnerable	2026-06-08 06:06:28.686026	Details available An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file to load_prompt. This is related to __subclasses__ or a template. Published: 2023-08-22T00:00:00.000Z Updated: 2024-10-15T16:39:03.468Z Open on db.gcve.eu Reference links https://github.com/hwchase17/langchain/issues/4394 https://aisec.today/LangChain-2e6244a313dd46139c5ef28cbcab9e55 https://github.com/langchain-ai/langchain/releases/tag/v0.0.312	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-34541`	vulnerable	2026-06-08 06:06:25.680772	Details available Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt. Published: 2023-06-20T00:00:00.000Z Updated: 2024-12-09T21:11:02.484Z Open on db.gcve.eu Reference links https://github.com/hwchase17/langchain/issues/4849	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-34540`	vulnerable	2026-06-08 06:06:25.680364	Details available Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available. Published: 2023-06-14T00:00:00.000Z Updated: 2024-08-02T16:10:07.011Z Open on db.gcve.eu Reference links https://github.com/hwchase17/langchain/issues/4833 https://github.com/langchain-ai/langchain/pull/6992 https://github.com/langchain-ai/langchain/releases/tag/v0.0.225	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.