Package impact
PyPI / langroid
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25879 | critical | 9.8 | 9.8 | 7d ago | Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When… | |||
| CVE-2026-25481 | unknown | — | — | 4mo ago | Langroid has WAF Bypass Leading to RCE in TableChatAgent | |||
| CVE-2025-46725 | unknown | — | — | 1y ago | Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store | |||
| CVE-2025-46724 | unknown | — | — | 1y ago | Langroid has a Code Injection vulnerability in TableChatAgent | |||
| CVE-2025-46726 | unknown | — | — | 1y ago | Langroid Allows XXE Injection via XMLToolMessage |