langfuse-2

Direct Vulnerabilities

Known vulnerabilities in the langfuse-2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
External Control of File Name or Path

<2.95.12-r32
  • L
GHSA-q7rr-3cgh-j5r3

<2.95.12-r32
  • L
GHSA-p6gq-j5cr-w38f

<2.95.12-r33
  • L
GHSA-v6wh-96g9-6wx3

<2.95.12-r32
  • L
Improper Handling of Exceptional Conditions

<2.95.12-r32
  • L
GHSA-fx2h-pf6j-xcff

<2.95.12-r32
  • L
Directory Traversal

<2.95.12-r32
  • L
Allocation of Resources Without Limits or Throttling

<2.95.12-r32
  • L
GHSA-8988-4f7v-96qf

<2.95.12-r32
  • L
GHSA-cmwh-pvxp-8882

<2.95.12-r31
  • L
GHSA-4x5r-pxfx-6jf8

<2.95.12-r31
  • L
Directory Traversal

<2.95.12-r31
  • L
CVE-2026-48068

<2.95.12-r30
  • L
GHSA-99f4-grh7-6pcq

<2.95.12-r30
  • L
CVE-2026-48069

<2.95.12-r30
  • L
GHSA-gv7w-rqvm-qjhr

<2.95.12-r30
  • L
GHSA-5375-pq7m-f5r2

<2.95.12-r30
  • L
CVE-2026-3449

<2.95.12-r29
  • L
GHSA-vpq2-c234-7xj6

<2.95.12-r29
  • L
GHSA-w7jw-789q-3m8p

<2.95.12-r28
  • L
GHSA-866g-f22w-33x8

<2.95.12-r28
  • M
Resource Exhaustion

<2.95.12-r28
  • L
CVE-2026-9277

<2.95.12-r28
  • L
GHSA-c27g-q93r-2cwf

<2.95.12-r26
  • L
Information Exposure

<2.95.12-r26
  • L
GHSA-4r4m-qw57-chr8

<2.95.12-r26
  • M
Directory Traversal

<2.95.12-r26
  • M
Directory Traversal

<2.95.12-r26
  • L
GHSA-vg6x-rcgg-rjx6

<2.95.12-r26
  • L
GHSA-jqfw-vq24-v9c3

<2.95.12-r26
  • L
GHSA-x574-m823-4x7w

<2.95.12-r26
  • H
CVE-2025-31125

<2.95.12-r26
  • L
GHSA-859w-5945-r5v3

<2.95.12-r26
  • L
GHSA-g4jq-h2w9-997c

<2.95.12-r26
  • H
Information Exposure

<2.95.12-r26
  • L
Origin Validation Error

<2.95.12-r26
  • L
Arbitrary Command Injection

<2.95.12-r26
  • L
GHSA-356w-63v5-8wf4

<2.95.12-r26
  • L
GHSA-93m4-6634-74q7

<2.95.12-r26
  • L
Information Exposure

<2.95.12-r26
  • L
Directory Traversal

<2.95.12-r26
  • L
GHSA-xcj6-pq6g-qj4x

<2.95.12-r26
  • M
Directory Traversal

<2.95.12-r26
  • L
GHSA-5xrq-8626-4rwp

<2.95.12-r25
  • L
GHSA-654m-c8p4-x5fp

<2.95.12-r25
  • L
CVE-2026-47429

<2.95.12-r25
  • L
GHSA-pjwm-pj3p-43mv

<2.95.12-r25
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.95.12-r25
  • M
HTTP Response Splitting

<2.95.12-r25
  • L
Server-Side Request Forgery (SSRF)

<2.95.12-r25
  • L
GHSA-898c-q2cr-xwhg

<2.95.12-r25
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.95.12-r25
  • L
GHSA-35jp-ww65-95wh

<2.95.12-r25
  • L
Unintended Proxy or Intermediary ('Confused Deputy')

<2.95.12-r25
  • L
GHSA-qjx8-664m-686j

<2.95.12-r25
  • L
GHSA-4279-q6mj-392r

<2.95.12-r24
  • L
CVE-2026-42507

<2.95.12-r24
  • L
GHSA-h3gm-q7m7-mp28

<2.95.12-r24
  • L
CVE-2026-27145

<2.95.12-r24
  • L
GHSA-ph9p-34f9-6g65

<2.95.12-r24
  • H
Directory Traversal

<2.95.12-r24
  • L
GHSA-3qcw-2rhx-2726

<2.95.12-r24
  • L
GHSA-hcf7-66rw-9f5r

<2.95.12-r24
  • C
Untrusted Search Path

<2.95.12-r24
  • M
Cross-site Request Forgery (CSRF)

<2.95.12-r24
  • L
GHSA-w9j2-pvgh-6h63

<2.95.12-r23
  • L
GHSA-62hf-57xw-28j9

<2.95.12-r23
  • L
GHSA-v39h-62p7-jpjc

<2.95.12-r23
  • H
Use of Uninitialized Resource

<2.95.12-r23
  • C
Improperly Controlled Modification of Dynamically-Determined Object Attributes

<2.95.12-r23
  • L
Arbitrary Code Injection

<2.95.12-r23
  • L
GHSA-xcj9-5m2h-648r

<2.95.12-r23
  • L
GHSA-6m6c-36f7-fhxh

<2.95.12-r23
  • L
Allocation of Resources Without Limits or Throttling

<2.95.12-r23
  • M
Improper Authentication

<2.95.12-r23
  • L
GHSA-m7pr-hjqh-92cm

<2.95.12-r23
  • L
GHSA-6chq-wfr3-2hj9

<2.95.12-r23
  • L
GHSA-vf2m-468p-8v99

<2.95.12-r23
  • L
GHSA-xx6v-rp6x-q39c

<2.95.12-r23
  • L
GHSA-ghcm-xqfw-q4vr

<2.95.12-r23
  • L
GHSA-87f9-hvmw-gh4p

<2.95.12-r23
  • L
GHSA-pmwg-cvhr-8vh7

<2.95.12-r23
  • L
GHSA-5c9x-8gcm-mpgx

<2.95.12-r23
  • M
Cross-site Scripting (XSS)

<2.95.12-r23
  • L
CVE-2026-6322

<2.95.12-r23
  • L
GHSA-q3j6-qgpj-74h6

<2.95.12-r23
  • L
Improper Encoding or Escaping of Output

<2.95.12-r23
  • L
Deserialization of Untrusted Data

<2.95.12-r23
  • L
GHSA-445q-vr5w-6q77

<2.95.12-r23
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.95.12-r23
  • H
Server-Side Request Forgery (SSRF)

<2.95.12-r23
  • H
Uncontrolled Recursion

<2.95.12-r23
  • L
GHSA-3644-q5cj-c5c7

<2.95.12-r23
  • L
GHSA-pf86-5x62-jrwf

<2.95.12-r23
  • L
GHSA-3w6x-2g7m-8v23

<2.95.12-r23
  • L
CVE-2026-41149

<2.95.12-r23
  • L
CVE-2026-6321

<2.95.12-r23
  • L
GHSA-q8qp-cvcw-x6jj

<2.95.12-r23
  • L
GHSA-58qx-3vcg-4xpx

<2.95.12-r23
  • L
GHSA-xhjh-pmcv-23jw

<2.95.12-r23
  • L
HTTP Response Splitting

<2.95.12-r23
  • L
CRLF Injection

<2.95.12-r23
  • H
Resource Exhaustion

<2.95.12-r23
  • C
Permissive Whitelist

<2.95.12-r23
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.95.12-r23
  • L
Allocation of Resources Without Limits or Throttling

<2.95.12-r23
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<2.95.12-r23
  • L
GHSA-v2v4-37r5-5v8g

<2.95.12-r23
  • L
Permissive Whitelist

<2.95.12-r23
  • M
Arbitrary Code Injection

<2.95.12-r23
  • L
GHSA-jxxr-4gwj-5jf2

<2.95.12-r23
  • L
Cross-site Scripting (XSS)

<2.95.12-r22
  • L
GHSA-w5hq-g745-h8pq

<2.95.12-r22
  • L
GHSA-rpmf-866q-6p89

<2.95.12-r22
  • L
Resource Exhaustion

<2.95.12-r22
  • L
GHSA-qx2v-qp2m-jg93

<2.95.12-r22
  • H
Out-of-bounds Write

<2.95.12-r22
  • L
Information Exposure

<2.95.12-r19
  • C
Arbitrary Code Injection

<2.95.12-r21
  • L
GHSA-xq3m-2v4x-88gg

<2.95.12-r21
  • L
GHSA-fw9q-39r9-c252

<2.95.12-r19
  • M
Directory Traversal

<2.95.12-r19
  • L
CVE-2026-32280

<2.95.12-r19
  • L
GHSA-6v7q-wjvx-w8wg

<2.95.12-r19
  • L
GHSA-rr7j-v2q5-chgv

<2.95.12-r19
  • L
GHSA-39q2-94rc-95cp

<2.95.12-r19
  • H
Allocation of Resources Without Limits or Throttling

<2.95.12-r19
  • L
GHSA-3p68-rc4w-qgx5

<2.95.12-r19
  • L
GHSA-5w89-2c2x-6x66

<2.95.12-r19
  • L
GHSA-q4gf-8mx6-v5v3

<2.95.12-r19
  • L
Improper Check for Unusual or Exceptional Conditions

<2.95.12-r19
  • L
GHSA-jrg3-gfjw-hm96

<2.95.12-r19
  • H
Improper Certificate Validation

<2.95.12-r19
  • C
Unintended Proxy or Intermediary ('Confused Deputy')

<2.95.12-r19
  • L
GHSA-fvcv-3m26-pcqx

<2.95.12-r19
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.95.12-r19
  • L
GHSA-m4pr-4j3g-9v7v

<2.95.12-r19
  • H
Incorrect Authorization

<2.95.12-r19
  • L
GHSA-chqc-8p9q-pq6q

<2.95.12-r19
  • L
GHSA-4w7w-66w2-5vf9

<2.95.12-r19
  • L
CRLF Injection

<2.95.12-r19
  • L
GHSA-r4q5-vmmm-2653

<2.95.12-r19
  • L
GHSA-43fc-jf86-j433

<2.95.12-r19
  • M
HTTP Response Splitting

<2.95.12-r19
  • L
GHSA-c7w3-x93f-qmm8

<2.95.12-r19
  • L
GHSA-gjvh-7jh8-7xhm

<2.95.12-r19
  • L
GHSA-vvjj-xcjg-gr5g

<2.95.12-r19
  • L
GHSA-qj83-cq47-w5f8

<2.95.12-r19
  • L
Resource Exhaustion

<2.95.12-r19
  • L
GHSA-c2c7-rcm5-vvqj

<2.95.12-r17
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.95.12-r17
  • L
Uncontrolled Recursion

<2.95.12-r17
  • L
Inefficient Regular Expression Complexity

<2.95.12-r17
  • L
GHSA-48c2-rrv3-qjmp

<2.95.12-r17
  • L
GHSA-r5fr-rjxr-66jc

<2.95.12-r17
  • L
GHSA-f23m-r3pf-42rh

<2.95.12-r17
  • C
CVE-2026-4800

<2.95.12-r17
  • L
GHSA-3v7f-55p6-f55p

<2.95.12-r17
  • H
Resource Exhaustion

<2.95.12-r17
  • M
CVE-2026-2950

<2.95.12-r17
  • L
GHSA-37ch-88jc-xwx2

<2.95.12-r17
  • L
GHSA-f886-m6hf-6m8v

<2.95.12-r17
  • L
CVE-2026-4867

<2.95.12-r17
  • L
GHSA-wmrf-hv6w-mr66

<2.95.12-r16
  • L
GHSA-25h7-pfq9-p65f

<2.95.12-r16
  • L
SQL Injection

<2.95.12-r16
  • L
GHSA-8cpq-38p9-67gx

<2.95.12-r16
  • L
GHSA-8gc5-j5rx-235r

<2.95.12-r16
  • L
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

<2.95.12-r16
  • L
GHSA-rf6f-7fwh-wjgh

<2.95.12-r16
  • L
Uncontrolled Recursion

<2.95.12-r16
  • L
Improper Validation of Specified Quantity in Input

<2.95.12-r16
  • L
SQL Injection

<2.95.12-r16
  • L
GHSA-jp2q-39xq-3w4g

<2.95.12-r16
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.95.12-r16
  • L
GHSA-ggv3-7p47-pfv8

<2.95.12-r14
  • M
HTTP Request Smuggling

<2.95.12-r14
  • L
GHSA-3x4c-7xq6-9pq8

<2.95.12-r14
  • H
Resource Exhaustion

<2.95.12-r14
  • M
Off-by-one Error

<2.95.12-r13
  • L
GHSA-gmq8-994r-jv83

<2.95.12-r13
  • L
Direct Request ('Forced Browsing')

<2.95.12-r13
  • L
GHSA-v2wj-7wpq-c8vv

<2.95.12-r13
  • L
Directory Traversal

<2.95.12-r13
  • L
GHSA-5c6j-r48x-rmvq

<2.95.12-r13
  • M
Cross-site Scripting (XSS)

<2.95.12-r13
  • L
GHSA-v8jm-5vwx-cfxm

<2.95.12-r13
  • M
Cross-site Scripting (XSS)

<2.95.12-r13
  • L
GHSA-rv83-g57w-fr8j

<2.95.12-r13
  • L
GHSA-j3gx-2473-5fp8

<2.95.12-r13
  • C
Directory Traversal

<2.95.12-r12
  • L
GHSA-fj3w-jwp8-x2g3

<2.95.12-r12
  • H
Buffer Overflow

<2.95.12-r12
  • L
GHSA-mw96-cpmx-2vgc

<2.95.12-r12
  • L
GHSA-5rq4-664w-9x2c

<2.95.12-r12
  • L
GHSA-7r86-cg39-jmmj

<2.95.12-r12
  • C
Directory Traversal

<2.95.12-r12
  • L
GHSA-23c5-xmqv-rm74

<2.95.12-r12
  • L
Inefficient Regular Expression Complexity

<2.95.12-r12
  • L
Algorithmic Complexity

<2.95.12-r12
  • L
Incorrect Regular Expression

<2.95.12-r11
  • L
Server-Side Request Forgery (SSRF)

<2.95.12-r11
  • L
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

<2.95.12-r11
  • L
GHSA-m7jm-9gc2-mpf2

<2.95.12-r11
  • L
GHSA-jmr7-xgp7-cmfj

<2.95.12-r11
  • L
GHSA-3ppc-4f35-3m26

<2.95.12-r11
  • L
GHSA-v34v-rq6j-cj6p

<2.95.12-r11
  • H
Inefficient Regular Expression Complexity

<2.95.12-r11
  • L
GHSA-38r7-794h-5758

<2.95.12-r10
  • L
Server-Side Request Forgery (SSRF)

<2.95.12-r10
  • L
Inefficient Regular Expression Complexity

<2.95.12-r10
  • L
Server-Side Request Forgery (SSRF)

<2.95.12-r10
  • L
GHSA-2g4f-4pwh-qvx6

<2.95.12-r10
  • L
GHSA-8fgc-7cc6-rx7x

<2.95.12-r10
  • L
GHSA-h25m-26qc-wcjf

<2.95.12-r9
  • L
GHSA-9g9p-9gw9-jx7f

<2.95.12-r9
  • H
CVE-2025-59471

<2.95.12-r9
  • L
Improper Input Validation

<2.95.12-r8
  • L
GHSA-37qj-frw5-hhjh

<2.95.12-r8
  • L
CVE-2025-61731

<2.95.12-r8
  • L
GHSA-gr56-3gp6-6gmj

<2.95.12-r8
  • L
CVE-2025-61730

<2.95.12-r8
  • L
GHSA-cm6p-qc7v-m3jw

<2.95.12-r8
  • L
Out-of-bounds Write

<2.95.12-r8
  • L
GHSA-xvqr-69v8-f3gv

<2.95.12-r8
  • L
CVE-2025-50537

<2.95.12-r7
  • L
GHSA-p5wg-g6qr-c7cg

<2.95.12-r7
  • L
GHSA-xxjr-mmjv-4gpg

<2.95.12-r6
  • L
GHSA-73rr-hh4g-fpgx

<2.95.12-r6
  • H
Resource Exhaustion

<2.95.12-r6
  • M
CVE-2025-13465

<2.95.12-r6
  • L
GHSA-6475-r3vj-m8vf

<2.95.12-r5
  • L
GHSA-r399-636x-v7f6

<2.95.12-r4
  • L
GHSA-6rw7-vpxm-498p

<2.95.12-r4
  • C
Deserialization of Untrusted Data

<2.95.12-r4
  • L
CVE-2025-15284

<2.95.12-r4
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.95.12-r3
  • L
GHSA-43p4-m455-4f4j

<2.95.12-r3
  • L
GHSA-mwv6-3258-q52c

<2.95.12-r2
  • L
GHSA-4fh9-h7wg-q85m

<2.95.12-r2
  • L
GHSA-5j59-xgg2-r9c4

<2.95.12-r2
  • M
CVE-2025-66400

<2.95.12-r2
  • L
Improper Certificate Validation

<2.95.12-r1
  • L
GHSA-7c64-f9jr-v9h2

<2.95.12-r1