Approved changes feed: RSS · Atom
cpe:2.3:a:langchain:langchain:*:*:*:*:community:*:*:*
part: a version: * update: *
| Vendor | Langchain (3bec1db6-30f1-5f7c-8067-d161076b8e16) |
|---|---|
| Product | Langchain (470aaf7d-9be4-5ab2-a1f8-1df85c8b7784) |
| Edition | * |
| Language | * |
| Software edition | community |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/hwchase17/langchain |
purl2cpe | 2026-06-01 10:15:39.412459 |
pkg:npm/langchain |
purl2cpe | 2026-06-01 10:15:39.412461 |
pkg:pypi/langchain |
purl2cpe | 2026-06-01 10:15:39.412462 |
pkg:sourceforge/langchain.mirror |
purl2cpe | 2026-06-01 10:15:39.412464 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-2828 |
vulnerable | 2026-06-08 07:16:58.443771 |
SSRF Vulnerability in RequestsToolkit in langchain-ai/langchain
HIGH (8.4)
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28.
Published: 2025-06-23T20:42:28.639Z
Updated: 2025-06-24T13:32:19.925Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.