langfuse-3

Direct Vulnerabilities

Known vulnerabilities in the langfuse-3 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
Algorithmic Complexity

<3.191.0-r0
  • L
GHSA-p6gq-j5cr-w38f

<3.194.0-r0
  • L
GHSA-h67p-54hq-rp68

<3.191.0-r0
  • L
GHSA-8988-4f7v-96qf

<3.197.1-r0
  • L
Allocation of Resources Without Limits or Throttling

<3.197.1-r0
  • L
CVE-2026-9697

<3.194.0-r0
  • L
GHSA-vmh5-mc38-953g

<3.194.0-r0
  • L
CVE-2026-9678

<3.194.0-r0
  • L
GHSA-pr7r-676h-xcf6

<3.194.0-r0
  • L
GHSA-cmwh-pvxp-8882

<3.197.1-r0
  • L
CVE-2026-56761

<3.164.0-r5
  • L
GHSA-gvmj-g25r-r7wr

<3.191.0-r0
  • L
GHSA-f38q-mgvj-vph7

<3.191.0-r0
  • L
GHSA-x4vx-rjvf-j5p4

<3.191.0-r0
  • L
GHSA-r7g4-qg5f-qqm2

<3.191.0-r0
  • L
GHSA-268h-hp4c-crq3

<3.191.0-r0
  • L
GHSA-rp9w-3fw7-7cwq

<3.191.0-r0
  • L
GHSA-wqvq-jvpq-h66f

<3.191.0-r0
  • L
CVE-2026-49978

<3.191.0-r0
  • L
GHSA-76mc-f452-cxcm

<3.191.0-r0
  • L
Directory Traversal

<3.191.0-r0
  • L
GHSA-4x5r-pxfx-6jf8

<3.191.0-r0
  • L
Uncontrolled Recursion

<3.191.0-r0
  • L
GHSA-vxr8-fq34-vvx9

<3.191.0-r0
  • L
CVE-2026-49459

<3.188.0-r0
  • L
Uncontrolled Recursion

<3.188.0-r0
  • L
CVE-2026-12143

<3.188.0-r0
  • L
GHSA-96hv-2xvq-fx4p

<3.188.0-r0
  • L
GHSA-wcpc-wj8m-hjx6

<3.188.0-r0
  • L
GHSA-r47g-fvhr-h676

<3.188.0-r0
  • L
Resource Exhaustion

<3.188.0-r0
  • L
CVE-2026-49458

<3.188.0-r0
  • L
GHSA-hpcv-96wg-7vj8

<3.188.0-r0
  • L
GHSA-hmw2-7cc7-3qxx

<3.188.0-r0
  • L
CVE-2026-48068

<3.186.0-r0
  • L
GHSA-99f4-grh7-6pcq

<3.186.0-r0
  • L
GHSA-5375-pq7m-f5r2

<3.186.0-r0
  • L
CVE-2026-48069

<3.186.0-r0
  • L
GHSA-p9ff-h696-f583

<3.179.1-r3
  • L
CVE-2026-4926

<3.179.1-r3
  • L
GHSA-27v5-c462-wpq7

<3.179.1-r3
  • L
GHSA-g4jq-h2w9-997c

<3.179.1-r3
  • H
Information Exposure

<3.179.1-r3
  • L
Resource Exhaustion

<3.179.1-r3
  • L
GHSA-93m4-6634-74q7

<3.179.1-r3
  • L
GHSA-jqfw-vq24-v9c3

<3.179.1-r3
  • L
Directory Traversal

<3.179.1-r3
  • M
Directory Traversal

<3.179.1-r3
  • M
Directory Traversal

<3.179.1-r3
  • L
GHSA-j3q9-mxjg-w52f

<3.179.1-r3
  • L
GHSA-v6h2-p8h4-qcjw

<3.179.1-r3
  • L
CVE-2026-4923

<3.179.1-r3
  • L
CVE-2026-1528

<3.179.1-r1
  • L
GHSA-4992-7rv2-5pvq

<3.179.1-r1
  • L
GHSA-2mjp-6q6p-2qxm

<3.179.1-r1
  • L
CVE-2026-1526

<3.179.1-r1
  • L
GHSA-f269-vfmq-vjvj

<3.179.1-r1
  • L
CVE-2026-1527

<3.179.1-r1
  • L
GHSA-v9p9-hfj2-hcw8

<3.179.1-r1
  • L
GHSA-vrm6-8vpv-qv8q

<3.179.1-r1
  • L
CVE-2026-2229

<3.179.1-r1
  • C
CVE-2026-1525

<3.179.1-r1
  • L
Server-Side Request Forgery (SSRF)

<3.177.1-r0
  • M
HTTP Response Splitting

<3.177.1-r0
  • L
GHSA-pjwm-pj3p-43mv

<3.177.1-r0
  • L
GHSA-654m-c8p4-x5fp

<3.177.1-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.177.1-r0
  • L
Unintended Proxy or Intermediary ('Confused Deputy')

<3.177.1-r0
  • L
GHSA-898c-q2cr-xwhg

<3.177.1-r0
  • L
GHSA-35jp-ww65-95wh

<3.177.1-r0
  • L
GHSA-hm8q-7f3q-5f36

<3.176.0-r0
  • L
Information Exposure Through Caching

<3.176.0-r0
  • L
GHSA-q8mj-m7cp-5q26

<3.176.0-r0
  • L
Improper Validation of Specified Quantity in Input

<3.176.0-r0
  • L
GHSA-p77w-8qqv-26rm

<3.176.0-r0
  • L
Arbitrary Code Injection

<3.176.0-r0
  • L
CVE-2026-8723

<3.176.0-r0
  • L
GHSA-qp7p-654g-cw7p

<3.176.0-r0
  • L
GHSA-jggg-4jg4-v7c6

<3.175.0-r0
  • L
GHSA-jxxr-4gwj-5jf2

<3.175.0-r0
  • L
GHSA-hcf7-66rw-9f5r

<3.175.0-r0
  • H
Uncontrolled Recursion

<3.175.0-r0
  • M
Cross-site Request Forgery (CSRF)

<3.175.0-r0
  • L
GHSA-58qx-3vcg-4xpx

<3.175.0-r0
  • H
Resource Exhaustion

<3.175.0-r0
  • H
Use of Uninitialized Resource

<3.175.0-r0
  • L
GHSA-3qcw-2rhx-2726

<3.175.0-r0
  • C
Untrusted Search Path

<3.175.0-r0
  • L
GHSA-pmwg-cvhr-8vh7

<3.174.1-r0
  • L
CVE-2026-6322

<3.174.1-r0
  • H
Uncontrolled Recursion

<3.174.1-r0
  • L
GHSA-v39h-62p7-jpjc

<3.174.1-r0
  • L
GHSA-q7rr-3cgh-j5r3

<3.174.1-r0
  • L
GHSA-6chq-wfr3-2hj9

<3.174.1-r0
  • M
Cross-site Scripting (XSS)

<3.174.1-r0
  • L
Allocation of Resources Without Limits or Throttling

<3.174.1-r0
  • M
Improper Access Control

<3.174.1-r0
  • L
Permissive Whitelist

<3.174.1-r0
  • L
GHSA-xhjh-pmcv-23jw

<3.174.1-r0
  • L
GHSA-5c9x-8gcm-mpgx

<3.174.1-r0
  • C
Improperly Controlled Modification of Dynamically-Determined Object Attributes

<3.174.1-r0
  • L
HTTP Response Splitting

<3.174.1-r0
  • L
Allocation of Resources Without Limits or Throttling

<3.174.1-r0
  • L
Deserialization of Untrusted Data

<3.174.1-r0
  • M
Improper Authentication

<3.174.1-r0
  • L
GHSA-m7pr-hjqh-92cm

<3.174.1-r0
  • L
Improper Handling of Exceptional Conditions

<3.174.1-r0
  • L
Improper Encoding or Escaping of Output

<3.174.1-r0
  • L
GHSA-xx6v-rp6x-q39c

<3.174.1-r0
  • L
GHSA-445q-vr5w-6q77

<3.174.1-r0
  • L
CVE-2026-6321

<3.174.1-r0
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.174.1-r0
  • L
GHSA-62hf-57xw-28j9

<3.174.1-r0
  • L
CRLF Injection

<3.174.1-r0
  • L
GHSA-vf2m-468p-8v99

<3.174.1-r0
  • L
GHSA-q8qp-cvcw-x6jj

<3.174.1-r0
  • L
GHSA-3w6x-2g7m-8v23

<3.174.1-r0
  • L
GHSA-pf86-5x62-jrwf

<3.174.1-r0
  • L
GHSA-3644-q5cj-c5c7

<3.174.1-r0
  • L
GHSA-q3j6-qgpj-74h6

<3.174.1-r0
  • C
Permissive Whitelist

<3.174.1-r0
  • L
GHSA-w9j2-pvgh-6h63

<3.174.1-r0
  • L
GHSA-v2v4-37r5-5v8g

<3.174.1-r0
  • H
Server-Side Request Forgery (SSRF)

<3.174.1-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.174.1-r0
  • H
Out-of-bounds Write

<3.164.0-r8
  • L
XML Injection

<3.164.0-r8
  • L
GHSA-w5hq-g745-h8pq

<3.164.0-r8
  • L
GHSA-gh4j-gqv2-49f6

<3.164.0-r8
  • L
Cross-site Scripting (XSS)

<3.164.0-r8
  • L
GHSA-qx2v-qp2m-jg93

<3.164.0-r8
  • L
Information Exposure

<3.164.0-r6
  • L
GHSA-48c2-rrv3-qjmp

<3.164.0-r7
  • L
Uncontrolled Recursion

<3.164.0-r7
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.164.0-r6
  • L
GHSA-xq3m-2v4x-88gg

<3.164.0-r6
  • L
GHSA-fw9q-39r9-c252

<3.164.0-r6
  • L
GHSA-r4q5-vmmm-2653

<3.164.0-r6
  • L
GHSA-rr7j-v2q5-chgv

<3.164.0-r6
  • L
GHSA-q4gf-8mx6-v5v3

<3.164.0-r6
  • L
GHSA-39q2-94rc-95cp

<3.164.0-r6
  • C
Arbitrary Code Injection

<3.164.0-r6
  • L
GHSA-458j-xx4x-4375

<3.164.0-r5
  • L
GHSA-26pp-8wgv-hjvm

<3.164.0-r5
  • L
CRLF Injection

<3.164.0-r5
  • L
GHSA-wmmm-f939-6g9c

<3.164.0-r5
  • M
Directory Traversal

<3.164.0-r5
  • L
GHSA-r5rp-j6wh-rvv4

<3.164.0-r5
  • M
Incorrect Behavior Order: Validate Before Canonicalize

<3.164.0-r5
  • M
Directory Traversal

<3.164.0-r5
  • L
GHSA-6v7q-wjvx-w8wg

<3.164.0-r5
  • H
Directory Traversal

<3.164.0-r5
  • L
GHSA-4w7w-66w2-5vf9

<3.164.0-r5
  • L
GHSA-xpcf-pg52-r92g

<3.164.0-r5
  • L
Improper Input Validation

<3.164.0-r5
  • L
GHSA-xf4j-xp2r-rqqx

<3.164.0-r5
  • L
GHSA-chqc-8p9q-pq6q

<3.164.0-r5
  • L
GHSA-92pp-h63x-v22m

<3.164.0-r5
  • L
Directory Traversal

<3.164.0-r5
  • L
GHSA-vvjj-xcjg-gr5g

<3.164.0-r5
  • L
GHSA-fvcv-3m26-pcqx

<3.164.0-r5
  • L
GHSA-c7w3-x93f-qmm8

<3.164.0-r5
  • M
HTTP Response Splitting

<3.164.0-r5
  • C
Unintended Proxy or Intermediary ('Confused Deputy')

<3.164.0-r5
  • L
GHSA-3p68-rc4w-qgx5

<3.164.0-r5
  • L
GHSA-8r9q-7v3j-jr4g

<3.145.0-r0
  • H
Inefficient Regular Expression Complexity

<3.145.0-r0
  • L
GHSA-f23m-r3pf-42rh

<3.164.0-r1
  • L
GHSA-vpq2-c234-7xj6

<3.164.0-r1
  • L
GHSA-r5fr-rjxr-66jc

<3.164.0-r1
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.164.0-r1
  • L
CVE-2026-3449

<3.164.0-r1
  • L
GHSA-737v-mqg7-c878

<3.164.0-r1
  • M
CVE-2026-2950

<3.164.0-r1
  • C
CVE-2026-4800

<3.164.0-r1
  • H
Resource Exhaustion

<3.164.0-r1
  • L
GHSA-f886-m6hf-6m8v

<3.164.0-r1
  • L
CVE-2025-61732

<3.163.0-r0
  • L
GHSA-8cpq-38p9-67gx

<3.163.0-r0
  • M
Cross-site Scripting (XSS)

<3.163.0-r0
  • L
Improper Validation of Specified Quantity in Input

<3.163.0-r0
  • L
Uncontrolled Recursion

<3.163.0-r0
  • L
Race Condition

<3.163.0-r0
  • M
Cross-site Scripting (XSS)

<3.163.0-r0
  • L
Direct Request ('Forced Browsing')

<3.163.0-r0
  • L
GHSA-46wh-pxpv-q5gq

<3.163.0-r0
  • L
GHSA-rv83-g57w-fr8j

<3.163.0-r0
  • M
Cross-site Scripting (XSS)

<3.163.0-r0
  • L
GHSA-f7gr-6p89-r883

<3.163.0-r0
  • L
GHSA-h355-32pf-p2xm

<3.163.0-r0
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.163.0-r0
  • L
GHSA-jp2q-39xq-3w4g

<3.163.0-r0
  • L
GHSA-m56q-vw4c-c2cp

<3.163.0-r0
  • L
GHSA-wmrf-hv6w-mr66

<3.163.0-r0
  • L
GHSA-phwv-c562-gvmh

<3.163.0-r0
  • L
GHSA-25h7-pfq9-p65f

<3.163.0-r0
  • L
SQL Injection

<3.163.0-r0
  • L
GHSA-crpf-4hrx-3jrp

<3.163.0-r0
  • L
Directory Traversal

<3.163.0-r0
  • L
GHSA-j3gx-2473-5fp8

<3.163.0-r0
  • C
CVE-2025-68121

<3.163.0-r0
  • L
Allocation of Resources Without Limits or Throttling

<3.163.0-r0
  • L
SQL Injection

<3.163.0-r0
  • L
GHSA-8jvr-vh7g-f8gx

<3.163.0-r0
  • L
GHSA-rf6f-7fwh-wjgh

<3.163.0-r0
  • M
Improperly Controlled Modification of Dynamically-Determined Object Attributes

<3.163.0-r0
  • L
GHSA-38f7-945m-qr2g

<3.163.0-r0
  • L
GHSA-3x4c-7xq6-9pq8

<3.162.0-r1
  • L
GHSA-ggv3-7p47-pfv8

<3.162.0-r1
  • H
Resource Exhaustion

<3.162.0-r1
  • M
HTTP Request Smuggling

<3.162.0-r1
  • L
Incorrect Authorization

<3.160.0-r1
  • L
GHSA-v2wj-7wpq-c8vv

<3.160.0-r1
  • L
GHSA-v8jm-5vwx-cfxm

<3.160.0-r1
  • M
Cross-site Scripting (XSS)

<3.160.0-r1
  • L
GHSA-wc8c-qw6v-h7f6

<3.160.0-r1
  • M
Cross-site Scripting (XSS)

<3.160.0-r1
  • L
GHSA-v8w9-8mx6-g223

<3.158.0-r0
  • L
GHSA-5c6j-r48x-rmvq

<3.155.1-r4
  • C
Directory Traversal

<3.155.1-r3
  • C
Directory Traversal

<3.155.1-r3
  • L
GHSA-mw96-cpmx-2vgc

<3.155.1-r3
  • L
GHSA-5rq4-664w-9x2c

<3.155.1-r3
  • L
GHSA-3ppc-4f35-3m26

<3.155.1-r2
  • L
GHSA-gq3j-xvxp-8hrf

<3.155.1-r2
  • L
Server-Side Request Forgery (SSRF)

<3.155.1-r2
  • H
Inefficient Regular Expression Complexity

<3.155.1-r2
  • H
CVE-2026-2391

<3.155.1-r2
  • L
Server-Side Request Forgery (SSRF)

<3.155.1-r2
  • L
GHSA-38r7-794h-5758

<3.155.1-r2
  • L
GHSA-2g4f-4pwh-qvx6

<3.155.1-r2
  • L
GHSA-8fgc-7cc6-rx7x

<3.155.1-r2
  • L
GHSA-w7fw-mjwx-w883

<3.155.1-r2
  • L
Inefficient Regular Expression Complexity

<3.155.1-r2
  • L
Improper Input Validation

<3.153.0-r2
  • L
Server-Side Request Forgery (SSRF)

<3.153.0-r2
  • L
GHSA-v34v-rq6j-cj6p

<3.153.0-r2
  • L
Improper Check for Unusual or Exceptional Conditions

<3.153.0-r2
  • L
GHSA-43fc-jf86-j433

<3.153.0-r2
  • L
GHSA-37qj-frw5-hhjh

<3.153.0-r2
  • L
GHSA-345p-7cg4-v4c7

<3.153.0-r0
  • L
GHSA-9r54-q6cx-xmh5

<3.153.0-r0
  • L
GHSA-9g9p-9gw9-jx7f

<3.153.0-r0
  • L
GHSA-w332-q679-j88p

<3.153.0-r0
  • L
Race Condition

<3.153.0-r0
  • H
CVE-2025-59471

<3.153.0-r0
  • M
Cross-site Scripting (XSS)

<3.153.0-r0
  • L
GHSA-h25m-26qc-wcjf

<3.153.0-r0
  • M
Information Exposure

<3.153.0-r0
  • L
GHSA-6wqw-2p9w-4vw4

<3.153.0-r0
  • M
Incorrect Regular Expression

<3.153.0-r0
  • L
Information Exposure Through Caching

<3.153.0-r0
  • L
GHSA-r354-f388-2fhh

<3.153.0-r0
  • L
GHSA-5f7q-jpqc-wp7h

<3.150.0-r0
  • H
CVE-2025-59472

<3.150.0-r0
  • H
Improper Check or Handling of Exceptional Conditions

<3.135.1-r2
  • L
GHSA-cm6p-qc7v-m3jw

<3.149.0-r1
  • L
GHSA-gr56-3gp6-6gmj

<3.149.0-r1
  • L
CVE-2025-61731

<3.149.0-r1
  • L
Out-of-bounds Write

<3.149.0-r1
  • L
CVE-2025-61730

<3.149.0-r1
  • L
GHSA-xvqr-69v8-f3gv

<3.149.0-r1
  • L
GHSA-xxjr-mmjv-4gpg

<3.146.0-r2
  • M
CVE-2025-13465

<3.146.0-r2
  • L
GHSA-73rr-hh4g-fpgx

<3.146.0-r2
  • L
GHSA-g9mf-h72j-4rw9

<3.146.0-r2
  • H
Resource Exhaustion

<3.146.0-r2
  • H
Allocation of Resources Without Limits or Throttling

<3.146.0-r2
  • L
GHSA-f67f-6cw9-8mq4

<3.146.0-r1
  • M
Improper Verification of Cryptographic Signature

<3.146.0-r1
  • L
GHSA-6475-r3vj-m8vf

<3.146.0-r1
  • M
Improper Verification of Cryptographic Signature

<3.146.0-r1
  • L
GHSA-3vhc-576x-3qv4

<3.146.0-r1
  • L
GHSA-36hm-qxxp-pg3m

<3.146.0-r0
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

<3.146.0-r0
  • L
GHSA-9qr9-h5gf-34mp

<3.137.0-r0
  • L
CVE-2025-15284

<3.143.0-r1
  • L
GHSA-6rw7-vpxm-498p

<3.143.0-r1
  • L
CVE-2025-66478

<3.137.0-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.141.0-r0
  • L
GHSA-43p4-m455-4f4j

<3.141.0-r0
  • L
GHSA-mwv6-3258-q52c

<3.140.0-r0
  • L
GHSA-w37m-7fhw-fmv9

<3.140.0-r0
  • L
GHSA-w48q-cv73-mx4w

<3.137.0-r1
  • H
Insecure Default Initialization of Resource

<3.137.0-r1
  • L
GHSA-869p-cjfg-cm3x

<3.138.0-r0
  • L
Improper Verification of Cryptographic Signature

<3.138.0-r0
  • L
GHSA-4fh9-h7wg-q85m

<3.137.0-r1
  • M
CVE-2025-66400

<3.137.0-r1
  • L
GHSA-rcmh-qjqh-p98v

<3.135.1-r2