cpe:2.3:a:langchain-ai:langchain-ai\/langchain:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Langchain Ai (95fad776-1fab-55af-bd3a-6177850e04d4)
Product: Langchain Ai/Langchain (8fd27c47-c32d-54d0-9495-cf544fd8a3a0)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier: CVE:CVE-2024-1455
cpeApplicability: vulnerable
Submitted: 2026-06-08 06:25:40.124631
db.gcve.eu details:
Billion Laughs Attack leading to DoS in langchain-ai/langchain
MEDIUM (5.9)
A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading to a denial of service (DoS).
Published: 2024-03-26T14:03:46.647Z
Updated: 2024-08-15T15:56:19.154Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2024-0243
cpeApplicability: vulnerable
Submitted: 2026-06-08 06:22:00.100925
db.gcve.eu details:
Server-side Request Forgery In Recursive URL Loader
LOW (3.7)
With the following crawler configuration:

```python
from bs4 import BeautifulSoup as Soup
from langchain_community.document_loaders import RecursiveUrlLoader

# Crawl from the root URL, following links up to two levels deep
url = "https://example.com"
loader = RecursiveUrlLoader(
    url=url,
    max_depth=2,
    # Reduce each fetched page to its text content
    extractor=lambda x: Soup(x, "html.parser").text,
)
docs = loader.load()
```

An attacker in control of the contents of `https://example.com` could place a malicious HTML file in there with links like "https://example.completely.different/my_file.html" and the crawler would proceed to download that file as well even though `prevent_outside=True`.

https://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51

Resolved in https://github.com/langchain-ai/langchain/pull/15559
Published: 2024-02-24T17:59:26.498Z
Updated: 2025-04-22T16:14:26.674Z
Rationale: Imported from gcve-enriched-dumps CVE data