Langchain Ai/Langchainjs
cpe:2.3:a:langchain-ai:langchain-ai/langchainjs:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Langchain Ai (95fad776-1fab-55af-bd3a-6177850e04d4) |
|---|---|
| Product | Langchain Ai/Langchainjs (9469489a-fe04-5402-9560-eea5e20d09e2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-7774 | vulnerable | 2026-06-08 06:58:23.405801 | Path Traversal in langchain-ai/langchainjs. MEDIUM (6.5). A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input. Published: 2024-10-29T12:49:21.165Z. Updated: 2024-10-29T13:31:38.566Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-7042 | vulnerable | 2026-06-08 06:58:21.102713 | Prompt Injection in langchain-ai/langchainjs Leading to SQL Injection. MEDIUM (4.9). A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database. Published: 2024-10-29T12:50:05.375Z. Updated: 2025-10-15T12:50:36.199Z | Imported from gcve-enriched-dumps CVE data |