langfuse-fips-2

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the langfuse-fips-2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
C Improperly Controlled Modification of Dynamically-Determined Object Attributes	<2.95.12-r25
L GHSA-xhjh-pmcv-23jw	<2.95.12-r25
H Use of Uninitialized Resource	<2.95.12-r25
L CVE-2026-41149	<2.95.12-r25
L GHSA-vf2m-468p-8v99	<2.95.12-r25
C Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<2.95.12-r25
L GHSA-q8qp-cvcw-x6jj	<2.95.12-r25
L GHSA-xx6v-rp6x-q39c	<2.95.12-r25
L GHSA-pmwg-cvhr-8vh7	<2.95.12-r25
L CVE-2026-41159	<2.95.12-r25
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<2.95.12-r25
L GHSA-445q-vr5w-6q77	<2.95.12-r25
L CVE-2026-41150	<2.95.12-r25
L Allocation of Resources Without Limits or Throttling	<2.95.12-r25
L GHSA-3w6x-2g7m-8v23	<2.95.12-r25
C Permissive Whitelist	<2.95.12-r25
L GHSA-3644-q5cj-c5c7	<2.95.12-r25
L GHSA-v2v4-37r5-5v8g	<2.95.12-r25
L GHSA-xcj9-5m2h-648r	<2.95.12-r25
L CVE-2026-45134	<2.95.12-r25
L GHSA-jxxr-4gwj-5jf2	<2.95.12-r25
L Improper Encoding or Escaping of Output	<2.95.12-r25
L Permissive Whitelist	<2.95.12-r25
L GHSA-6m6c-36f7-fhxh	<2.95.12-r25
L CRLF Injection	<2.95.12-r25
L GHSA-62hf-57xw-28j9	<2.95.12-r25
L GHSA-v39h-62p7-jpjc	<2.95.12-r25
H Uncontrolled Recursion	<2.95.12-r25
H Uncontrolled Recursion	<2.95.12-r25
L CVE-2026-6321	<2.95.12-r25
M Improper Authentication	<2.95.12-r25
L GHSA-5c9x-8gcm-mpgx	<2.95.12-r25
L GHSA-87f9-hvmw-gh4p	<2.95.12-r25
L GHSA-58qx-3vcg-4xpx	<2.95.12-r25
L CVE-2026-6322	<2.95.12-r25
M Cross-site Scripting (XSS)	<2.95.12-r25
H Server-Side Request Forgery (SSRF)	<2.95.12-r25
L GHSA-ghcm-xqfw-q4vr	<2.95.12-r25
L GHSA-m7pr-hjqh-92cm	<2.95.12-r25
L GHSA-6chq-wfr3-2hj9	<2.95.12-r25
L GHSA-jggg-4jg4-v7c6	<2.95.12-r25
L GHSA-w9j2-pvgh-6h63	<2.95.12-r25
L Allocation of Resources Without Limits or Throttling	<2.95.12-r25
L GHSA-pf86-5x62-jrwf	<2.95.12-r25
L CVE-2026-41148	<2.95.12-r25
L CVE-2026-45149	<2.95.12-r25
L HTTP Response Splitting	<2.95.12-r25
L GHSA-q3j6-qgpj-74h6	<2.95.12-r25
L GHSA-q7rr-3cgh-j5r3	<2.95.12-r24
L CVE-2026-44902	<2.95.12-r24
L GHSA-qx2v-qp2m-jg93	<2.95.12-r24
H Out-of-bounds Write	<2.95.12-r24
L Resource Exhaustion	<2.95.12-r24
L GHSA-w5hq-g745-h8pq	<2.95.12-r24
L GHSA-rpmf-866q-6p89	<2.95.12-r24
L Cross-site Scripting (XSS)	<2.95.12-r24
L Information Exposure	<2.95.12-r22
C Arbitrary Code Injection	<2.95.12-r23
L GHSA-xq3m-2v4x-88gg	<2.95.12-r23
C Unintended Proxy or Intermediary ('Confused Deputy')	<2.95.12-r22
L GHSA-fvcv-3m26-pcqx	<2.95.12-r22
M HTTP Response Splitting	<2.95.12-r22
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<2.95.12-r22
L GHSA-gjvh-7jh8-7xhm	<2.95.12-r22
L CRLF Injection	<2.95.12-r22
L GHSA-m4pr-4j3g-9v7v	<2.95.12-r22
L GHSA-chqc-8p9q-pq6q	<2.95.12-r22
L GHSA-q4gf-8mx6-v5v3	<2.95.12-r22
L GHSA-3p68-rc4w-qgx5	<2.95.12-r22
H Allocation of Resources Without Limits or Throttling	<2.95.12-r22
L GHSA-r4q5-vmmm-2653	<2.95.12-r22
M Directory Traversal	<2.95.12-r22
L GHSA-rr7j-v2q5-chgv	<2.95.12-r22
L CVE-2026-32280	<2.95.12-r22
H Incorrect Authorization	<2.95.12-r22
L GHSA-39q2-94rc-95cp	<2.95.12-r22
L GHSA-fw9q-39r9-c252	<2.95.12-r22
L GHSA-6v7q-wjvx-w8wg	<2.95.12-r22
L GHSA-c7w3-x93f-qmm8	<2.95.12-r22
H Improper Certificate Validation	<2.95.12-r22
L GHSA-vvjj-xcjg-gr5g	<2.95.12-r22
L GHSA-4w7w-66w2-5vf9	<2.95.12-r22
L GHSA-jrg3-gfjw-hm96	<2.95.12-r22
L GHSA-5w89-2c2x-6x66	<2.95.12-r22
L GHSA-qj83-cq47-w5f8	<2.95.12-r22
L Resource Exhaustion	<2.95.12-r22
L GHSA-c2c7-rcm5-vvqj	<2.95.12-r20
L GHSA-48c2-rrv3-qjmp	<2.95.12-r20
L GHSA-3v7f-55p6-f55p	<2.95.12-r20
L GHSA-37ch-88jc-xwx2	<2.95.12-r20
C CVE-2026-4800	<2.95.12-r20
L Inefficient Regular Expression Complexity	<2.95.12-r20
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<2.95.12-r20
L GHSA-r5fr-rjxr-66jc	<2.95.12-r20
L GHSA-f886-m6hf-6m8v	<2.95.12-r20
L CVE-2026-4867	<2.95.12-r20
H Resource Exhaustion	<2.95.12-r20
L GHSA-f23m-r3pf-42rh	<2.95.12-r20
M CVE-2026-2950	<2.95.12-r20
L Uncontrolled Recursion	<2.95.12-r20
L Uncontrolled Recursion	<2.95.12-r19
L GHSA-8gc5-j5rx-235r	<2.95.12-r19
L GHSA-rf6f-7fwh-wjgh	<2.95.12-r19
L Improper Validation of Specified Quantity in Input	<2.95.12-r19
L SQL Injection	<2.95.12-r19
C Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<2.95.12-r19
L Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	<2.95.12-r19
L GHSA-jp2q-39xq-3w4g	<2.95.12-r19
L GHSA-wmrf-hv6w-mr66	<2.95.12-r19
L SQL Injection	<2.95.12-r19
L GHSA-25h7-pfq9-p65f	<2.95.12-r19
L GHSA-8cpq-38p9-67gx	<2.95.12-r19
H Resource Exhaustion	<2.95.12-r17
L GHSA-ggv3-7p47-pfv8	<2.95.12-r17
M HTTP Request Smuggling	<2.95.12-r17
L GHSA-3x4c-7xq6-9pq8	<2.95.12-r17
L GHSA-gmq8-994r-jv83	<2.95.12-r16
M Off-by-one Error	<2.95.12-r16
L Directory Traversal	<2.95.12-r16
L GHSA-5c6j-r48x-rmvq	<2.95.12-r16
M Cross-site Scripting (XSS)	<2.95.12-r16
L Direct Request ('Forced Browsing')	<2.95.12-r16
M Cross-site Scripting (XSS)	<2.95.12-r16
L GHSA-rv83-g57w-fr8j	<2.95.12-r16
L GHSA-v8jm-5vwx-cfxm	<2.95.12-r16
L GHSA-v2wj-7wpq-c8vv	<2.95.12-r16
L GHSA-j3gx-2473-5fp8	<2.95.12-r16
L GHSA-2g4f-4pwh-qvx6	<2.95.12-r15
C Directory Traversal	<2.95.12-r15
L GHSA-5rq4-664w-9x2c	<2.95.12-r15
L GHSA-mw96-cpmx-2vgc	<2.95.12-r15
L Inefficient Regular Expression Complexity	<2.95.12-r15
C Directory Traversal	<2.95.12-r15
L GHSA-38r7-794h-5758	<2.95.12-r14
L Server-Side Request Forgery (SSRF)	<2.95.12-r14
L GHSA-8fgc-7cc6-rx7x	<2.95.12-r14
L Server-Side Request Forgery (SSRF)	<2.95.12-r14
H Inefficient Regular Expression Complexity	<2.95.12-r13
L Incorrect Regular Expression	<2.95.12-r13
L Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	<2.95.12-r13
L GHSA-m7jm-9gc2-mpf2	<2.95.12-r13
L GHSA-3ppc-4f35-3m26	<2.95.12-r13
L GHSA-jmr7-xgp7-cmfj	<2.95.12-r13
L Server-Side Request Forgery (SSRF)	<2.95.12-r12
L GHSA-v34v-rq6j-cj6p	<2.95.12-r12
L GHSA-9g9p-9gw9-jx7f	<2.95.12-r10
H CVE-2025-59471	<2.95.12-r10
L GHSA-h25m-26qc-wcjf	<2.95.12-r10
L GHSA-37qj-frw5-hhjh	<2.95.12-r9
L Improper Input Validation	<2.95.12-r9
L GHSA-43fc-jf86-j433	<2.95.12-r9
L CVE-2025-61732	<2.95.12-r9
L Improper Check for Unusual or Exceptional Conditions	<2.95.12-r9
L GHSA-h355-32pf-p2xm	<2.95.12-r9
L GHSA-8jvr-vh7g-f8gx	<2.95.12-r9
C CVE-2025-68121	<2.95.12-r9
L Out-of-bounds Write	<2.95.12-r8
L GHSA-p5wg-g6qr-c7cg	<2.95.12-r7
L GHSA-gr56-3gp6-6gmj	<2.95.12-r8
L GHSA-cm6p-qc7v-m3jw	<2.95.12-r8
L CVE-2025-50537	<2.95.12-r7
L CVE-2025-61730	<2.95.12-r8
L GHSA-xvqr-69v8-f3gv	<2.95.12-r8
L CVE-2025-61731	<2.95.12-r8
H Resource Exhaustion	<2.95.12-r6
L GHSA-xxjr-mmjv-4gpg	<2.95.12-r6
M CVE-2025-13465	<2.95.12-r6
L GHSA-73rr-hh4g-fpgx	<2.95.12-r6
L GHSA-6475-r3vj-m8vf	<2.95.12-r5
L GHSA-r399-636x-v7f6	<2.95.12-r4
L GHSA-6rw7-vpxm-498p	<2.95.12-r4
C Deserialization of Untrusted Data	<2.95.12-r4
L CVE-2025-15284	<2.95.12-r4
L GHSA-43p4-m455-4f4j	<2.95.12-r3
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<2.95.12-r3
L GHSA-5j59-xgg2-r9c4	<2.95.12-r2
L GHSA-mwv6-3258-q52c	<2.95.12-r2
L Improper Certificate Validation	<2.95.12-r1
L GHSA-7c64-f9jr-v9h2	<2.95.12-r1
M CVE-2025-66400	<2.95.12-r1
L GHSA-4fh9-h7wg-q85m	<2.95.12-r1