Package impact
PyPI / langchain-core
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44843 | high | 8.2 | 8.2 | | | | 9d ago | LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists |
| CVE-2026-34070 | high | 7.5 | 7.5 | | | | 2mo ago | LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized… |