langfuse-3 | Snyk

Direct Vulnerabilities

Known vulnerabilities in the langfuse-3 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L GHSA-f23m-r3pf-42rh	<3.164.0-r1
L GHSA-vpq2-c234-7xj6	<3.164.0-r1
L GHSA-r5fr-rjxr-66jc	<3.164.0-r1
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<3.164.0-r1
L CVE-2026-3449	<3.164.0-r1
L GHSA-737v-mqg7-c878	<3.164.0-r1
M CVE-2026-2950	<3.164.0-r1
C CVE-2026-4800	<3.164.0-r1
L Resource Exhaustion	<3.164.0-r1
L GHSA-f886-m6hf-6m8v	<3.164.0-r1
L CVE-2026-27142	<3.163.0-r0
L CVE-2025-61732	<3.163.0-r0
L GHSA-8cpq-38p9-67gx	<3.163.0-r0
M Cross-site Scripting (XSS)	<3.163.0-r0
L Improper Validation of Specified Quantity in Input	<3.163.0-r0
L Uncontrolled Recursion	<3.163.0-r0
L Race Condition	<3.163.0-r0
M Cross-site Scripting (XSS)	<3.163.0-r0
L CVE-2026-25679	<3.163.0-r0
L GHSA-46wh-pxpv-q5gq	<3.163.0-r0
L GHSA-rv83-g57w-fr8j	<3.163.0-r0
M Cross-site Scripting (XSS)	<3.163.0-r0
L GHSA-f7gr-6p89-r883	<3.163.0-r0
L GHSA-h355-32pf-p2xm	<3.163.0-r0
C Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<3.163.0-r0
L GHSA-jp2q-39xq-3w4g	<3.163.0-r0
L GHSA-j4j7-vw47-rhfq	<3.163.0-r0
L GHSA-m56q-vw4c-c2cp	<3.163.0-r0
L GHSA-wmrf-hv6w-mr66	<3.163.0-r0
L GHSA-phwv-c562-gvmh	<3.163.0-r0
L GHSA-25h7-pfq9-p65f	<3.163.0-r0
L SQL Injection	<3.163.0-r0
L GHSA-crpf-4hrx-3jrp	<3.163.0-r0
L CVE-2026-27139	<3.163.0-r0
L GHSA-j3gx-2473-5fp8	<3.163.0-r0
C CVE-2025-68121	<3.163.0-r0
L Allocation of Resources Without Limits or Throttling	<3.163.0-r0
L SQL Injection	<3.163.0-r0
L GHSA-8jvr-vh7g-f8gx	<3.163.0-r0
L GHSA-rf6f-7fwh-wjgh	<3.163.0-r0
M Improperly Controlled Modification of Dynamically-Determined Object Attributes	<3.163.0-r0
L GHSA-38f7-945m-qr2g	<3.163.0-r0
L GHSA-3x4c-7xq6-9pq8	<3.162.0-r1
L GHSA-ggv3-7p47-pfv8	<3.162.0-r1
H Resource Exhaustion	<3.162.0-r1
M HTTP Request Smuggling	<3.162.0-r1
L Incorrect Authorization	<3.160.0-r1
L GHSA-v2wj-7wpq-c8vv	<3.160.0-r1
L GHSA-v8jm-5vwx-cfxm	<3.160.0-r1
M Cross-site Scripting (XSS)	<3.160.0-r1
L GHSA-wc8c-qw6v-h7f6	<3.160.0-r1
M Cross-site Scripting (XSS)	<3.160.0-r1
L GHSA-v8w9-8mx6-g223	<3.158.0-r0
L GHSA-5c6j-r48x-rmvq	<3.155.1-r4
C Directory Traversal	<3.155.1-r3
C Directory Traversal	<3.155.1-r3
L GHSA-mw96-cpmx-2vgc	<3.155.1-r3
L GHSA-5rq4-664w-9x2c	<3.155.1-r3
L GHSA-3ppc-4f35-3m26	<3.155.1-r2
L GHSA-gq3j-xvxp-8hrf	<3.155.1-r2
L Server-Side Request Forgery (SSRF)	<3.155.1-r2
H Inefficient Regular Expression Complexity	<3.155.1-r2
H CVE-2026-2391	<3.155.1-r2
L Server-Side Request Forgery (SSRF)	<3.155.1-r2
L GHSA-38r7-794h-5758	<3.155.1-r2
L GHSA-2g4f-4pwh-qvx6	<3.155.1-r2
L GHSA-8fgc-7cc6-rx7x	<3.155.1-r2
L GHSA-w7fw-mjwx-w883	<3.155.1-r2
L Inefficient Regular Expression Complexity	<3.155.1-r2
L Improper Input Validation	<3.153.0-r2
L Server-Side Request Forgery (SSRF)	<3.153.0-r2
L GHSA-v34v-rq6j-cj6p	<3.153.0-r2
L Improper Check for Unusual or Exceptional Conditions	<3.153.0-r2
L GHSA-43fc-jf86-j433	<3.153.0-r2
L GHSA-37qj-frw5-hhjh	<3.153.0-r2
L GHSA-345p-7cg4-v4c7	<3.153.0-r0
L GHSA-9r54-q6cx-xmh5	<3.153.0-r0
L GHSA-9g9p-9gw9-jx7f	<3.153.0-r0
L GHSA-w332-q679-j88p	<3.153.0-r0
L Race Condition	<3.153.0-r0
H CVE-2025-59471	<3.153.0-r0
M Cross-site Scripting (XSS)	<3.153.0-r0
L GHSA-h25m-26qc-wcjf	<3.153.0-r0
M Information Exposure	<3.153.0-r0
L GHSA-6wqw-2p9w-4vw4	<3.153.0-r0
M Incorrect Regular Expression	<3.153.0-r0
L Information Exposure Through Caching	<3.153.0-r0
L GHSA-r354-f388-2fhh	<3.153.0-r0
L GHSA-5f7q-jpqc-wp7h	<3.150.0-r0
H CVE-2025-59472	<3.150.0-r0
H Improper Check or Handling of Exceptional Conditions	<3.135.1-r2
L GHSA-cm6p-qc7v-m3jw	<3.149.0-r1
L GHSA-gr56-3gp6-6gmj	<3.149.0-r1
L CVE-2025-61731	<3.149.0-r1
L Out-of-bounds Write	<3.149.0-r1
L CVE-2025-61730	<3.149.0-r1
L GHSA-xvqr-69v8-f3gv	<3.149.0-r1
L GHSA-xxjr-mmjv-4gpg	<3.146.0-r2
M CVE-2025-13465	<3.146.0-r2
L GHSA-73rr-hh4g-fpgx	<3.146.0-r2
L GHSA-g9mf-h72j-4rw9	<3.146.0-r2
H Resource Exhaustion	<3.146.0-r2
H Allocation of Resources Without Limits or Throttling	<3.146.0-r2
L GHSA-f67f-6cw9-8mq4	<3.146.0-r1
M Improper Verification of Cryptographic Signature	<3.146.0-r1
L GHSA-6475-r3vj-m8vf	<3.146.0-r1
M Improper Verification of Cryptographic Signature	<3.146.0-r1
L GHSA-3vhc-576x-3qv4	<3.146.0-r1
L GHSA-36hm-qxxp-pg3m	<3.146.0-r0
M Access of Resource Using Incompatible Type ('Type Confusion')	<3.146.0-r0
L GHSA-9qr9-h5gf-34mp	<3.137.0-r0
L CVE-2025-15284	<3.143.0-r1
L GHSA-6rw7-vpxm-498p	<3.143.0-r1
L CVE-2025-66478	<3.137.0-r0
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<3.141.0-r0
L GHSA-43p4-m455-4f4j	<3.141.0-r0
L GHSA-mwv6-3258-q52c	<3.140.0-r0
L GHSA-w37m-7fhw-fmv9	<3.140.0-r0
L GHSA-w48q-cv73-mx4w	<3.137.0-r1
H Insecure Default Initialization of Resource	<3.137.0-r1
L GHSA-869p-cjfg-cm3x	<3.138.0-r0
L Improper Verification of Cryptographic Signature	<3.138.0-r0
L GHSA-4fh9-h7wg-q85m	<3.137.0-r1
M CVE-2025-66400	<3.137.0-r1
L GHSA-rcmh-qjqh-p98v	<3.135.1-r2

Vulnerability

Vulnerable Version

GHSA-f23m-r3pf-42rh

<3.164.0-r1