
Vulnerabilities found in the scan of the container image #79

@anoop-nenosys

Description

| Package | Vulnerability | Severity | Fixed By |
| --- | --- | --- | --- |
| langgraph-checkpoint | GHSA-wwqv-p2pp-99h5: LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer | High | |
| langchain-text-splitters | GHSA-m42m-m8cr-8m58: LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing | High | |
| h11 | GHSA-vqfr-h8mv-ghfj: h11 accepts some malformed Chunked-Encoding bodies | Critical | |
| langchain-core | GHSA-6qv9-48xg-fc7f: LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates | High | |
| starlette | GHSA-2c2j-9gv5-cj73: Starlette has possible denial-of-service vector when parsing large files in multipart forms | Medium | |
| starlette | GHSA-7f5h-v6xp-fcq8: Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse | High | |
| pip | GHSA-4xh5-x5gv-qwph: pip's fallback tar extraction doesn't check symbolic links point to extraction directory | Medium | |
| urllib3 | GHSA-pq67-6m6q-mj2v: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation | Medium | |
| urllib3 | GHSA-48p4-8xcf-vxj5: urllib3 does not control redirects in browsers and Node.js | Medium | |
| setuptools | PYSEC-2025-49 | High | |
| setuptools | GHSA-5rjg-fvgr-3xxf: setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write | High | |
| requests | GHSA-9hjg-9r4m-mvj7: Requests vulnerable to .netrc credentials leak via malicious URLs | Medium | |
