langfuse-fips-2

Direct Vulnerabilities

Known vulnerabilities in the langfuse-fips-2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
Directory Traversal

<2.95.12-r35
  • L
GHSA-fx2h-pf6j-xcff

<2.95.12-r35
  • L
GHSA-v6wh-96g9-6wx3

<2.95.12-r35
  • L
External Control of File Name or Path

<2.95.12-r35
  • L
GHSA-8988-4f7v-96qf

<2.95.12-r35
  • L
Allocation of Resources Without Limits or Throttling

<2.95.12-r35
  • L
Directory Traversal

<2.95.12-r34
  • L
GHSA-4x5r-pxfx-6jf8

<2.95.12-r34
  • L
GHSA-cmwh-pvxp-8882

<2.95.12-r33
  • L
GHSA-p6gq-j5cr-w38f

<2.95.12-r33
  • L
GHSA-99f4-grh7-6pcq

<2.95.12-r32
  • L
CVE-2026-48069

<2.95.12-r32
  • L
GHSA-5375-pq7m-f5r2

<2.95.12-r32
  • L
CVE-2026-48068

<2.95.12-r32
  • L
GHSA-gv7w-rqvm-qjhr

<2.95.12-r32
  • L
GHSA-vpq2-c234-7xj6

<2.95.12-r31
  • L
CVE-2026-3449

<2.95.12-r31
  • L
GHSA-866g-f22w-33x8

<2.95.12-r30
  • M
Resource Exhaustion

<2.95.12-r30
  • L
Origin Validation Error

<2.95.12-r28
  • H
Information Exposure

<2.95.12-r28
  • L
GHSA-c27g-q93r-2cwf

<2.95.12-r28
  • M
Directory Traversal

<2.95.12-r28
  • L
GHSA-xcj6-pq6g-qj4x

<2.95.12-r28
  • M
Directory Traversal

<2.95.12-r28
  • L
GHSA-356w-63v5-8wf4

<2.95.12-r28
  • L
Information Exposure

<2.95.12-r28
  • L
GHSA-4r4m-qw57-chr8

<2.95.12-r28
  • M
Directory Traversal

<2.95.12-r28
  • L
GHSA-vg6x-rcgg-rjx6

<2.95.12-r28
  • L
GHSA-93m4-6634-74q7

<2.95.12-r28
  • L
Information Exposure

<2.95.12-r28
  • L
Directory Traversal

<2.95.12-r28
  • L
GHSA-x574-m823-4x7w

<2.95.12-r28
  • L
GHSA-g4jq-h2w9-997c

<2.95.12-r28
  • L
Arbitrary Command Injection

<2.95.12-r28
  • L
GHSA-859w-5945-r5v3

<2.95.12-r28
  • H
CVE-2025-31125

<2.95.12-r28
  • L
GHSA-jqfw-vq24-v9c3

<2.95.12-r28
  • L
GHSA-pjwm-pj3p-43mv

<2.95.12-r27
  • L
CVE-2026-47429

<2.95.12-r27
  • L
GHSA-654m-c8p4-x5fp

<2.95.12-r27
  • L
GHSA-5xrq-8626-4rwp

<2.95.12-r27
  • L
GHSA-qjx8-664m-686j

<2.95.12-r27
  • L
Unintended Proxy or Intermediary ('Confused Deputy')

<2.95.12-r27
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.95.12-r27
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.95.12-r27
  • M
HTTP Response Splitting

<2.95.12-r27
  • L
GHSA-35jp-ww65-95wh

<2.95.12-r27
  • L
GHSA-898c-q2cr-xwhg

<2.95.12-r27
  • L
Server-Side Request Forgery (SSRF)

<2.95.12-r27
  • L
GHSA-h3gm-q7m7-mp28

<2.95.12-r26
  • L
GHSA-3qcw-2rhx-2726

<2.95.12-r26
  • L
CVE-2026-42507

<2.95.12-r26
  • L
GHSA-4279-q6mj-392r

<2.95.12-r26
  • C
Untrusted Search Path

<2.95.12-r26
  • L
CVE-2026-27145

<2.95.12-r26
  • M
Cross-site Request Forgery (CSRF)

<2.95.12-r26
  • L
GHSA-hcf7-66rw-9f5r

<2.95.12-r26
  • L
GHSA-ph9p-34f9-6g65

<2.95.12-r26
  • H
Directory Traversal

<2.95.12-r26
  • C
Improperly Controlled Modification of Dynamically-Determined Object Attributes

<2.95.12-r25
  • L
GHSA-xhjh-pmcv-23jw

<2.95.12-r25
  • H
Use of Uninitialized Resource

<2.95.12-r25
  • L
CVE-2026-41149

<2.95.12-r25
  • L
GHSA-vf2m-468p-8v99

<2.95.12-r25
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.95.12-r25
  • L
GHSA-q8qp-cvcw-x6jj

<2.95.12-r25
  • L
GHSA-xx6v-rp6x-q39c

<2.95.12-r25
  • L
GHSA-pmwg-cvhr-8vh7

<2.95.12-r25
  • M
Arbitrary Code Injection

<2.95.12-r25
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.95.12-r25
  • L
GHSA-445q-vr5w-6q77

<2.95.12-r25
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<2.95.12-r25
  • L
Allocation of Resources Without Limits or Throttling

<2.95.12-r25
  • L
GHSA-3w6x-2g7m-8v23

<2.95.12-r25
  • C
Permissive Whitelist

<2.95.12-r25
  • L
GHSA-3644-q5cj-c5c7

<2.95.12-r25
  • L
GHSA-v2v4-37r5-5v8g

<2.95.12-r25
  • L
GHSA-xcj9-5m2h-648r

<2.95.12-r25
  • L
Deserialization of Untrusted Data

<2.95.12-r25
  • L
GHSA-jxxr-4gwj-5jf2

<2.95.12-r25
  • L
Improper Encoding or Escaping of Output

<2.95.12-r25
  • L
Permissive Whitelist

<2.95.12-r25
  • L
GHSA-6m6c-36f7-fhxh

<2.95.12-r25
  • L
CRLF Injection

<2.95.12-r25
  • L
GHSA-62hf-57xw-28j9

<2.95.12-r25
  • L
GHSA-v39h-62p7-jpjc

<2.95.12-r25
  • H
Uncontrolled Recursion

<2.95.12-r25
  • H
Uncontrolled Recursion

<2.95.12-r25
  • L
CVE-2026-6321

<2.95.12-r25
  • M
Improper Authentication

<2.95.12-r25
  • L
GHSA-5c9x-8gcm-mpgx

<2.95.12-r25
  • L
GHSA-87f9-hvmw-gh4p

<2.95.12-r25
  • L
GHSA-58qx-3vcg-4xpx

<2.95.12-r25
  • L
CVE-2026-6322

<2.95.12-r25
  • M
Cross-site Scripting (XSS)

<2.95.12-r25
  • H
Server-Side Request Forgery (SSRF)

<2.95.12-r25
  • L
GHSA-ghcm-xqfw-q4vr

<2.95.12-r25
  • L
GHSA-m7pr-hjqh-92cm

<2.95.12-r25
  • L
GHSA-6chq-wfr3-2hj9

<2.95.12-r25
  • L
GHSA-jggg-4jg4-v7c6

<2.95.12-r25
  • L
GHSA-w9j2-pvgh-6h63

<2.95.12-r25
  • L
Allocation of Resources Without Limits or Throttling

<2.95.12-r25
  • L
GHSA-pf86-5x62-jrwf

<2.95.12-r25
  • L
Arbitrary Code Injection

<2.95.12-r25
  • H
Resource Exhaustion

<2.95.12-r25
  • L
HTTP Response Splitting

<2.95.12-r25
  • L
GHSA-q3j6-qgpj-74h6

<2.95.12-r25
  • L
GHSA-q7rr-3cgh-j5r3

<2.95.12-r24
  • L
Improper Handling of Exceptional Conditions

<2.95.12-r24
  • L
GHSA-qx2v-qp2m-jg93

<2.95.12-r24
  • H
Out-of-bounds Write

<2.95.12-r24
  • L
Resource Exhaustion

<2.95.12-r24
  • L
GHSA-w5hq-g745-h8pq

<2.95.12-r24
  • L
GHSA-rpmf-866q-6p89

<2.95.12-r24
  • L
Cross-site Scripting (XSS)

<2.95.12-r24
  • L
Information Exposure

<2.95.12-r22
  • C
Arbitrary Code Injection

<2.95.12-r23
  • L
GHSA-xq3m-2v4x-88gg

<2.95.12-r23
  • C
Unintended Proxy or Intermediary ('Confused Deputy')

<2.95.12-r22
  • L
GHSA-fvcv-3m26-pcqx

<2.95.12-r22
  • M
HTTP Response Splitting

<2.95.12-r22
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.95.12-r22
  • L
GHSA-gjvh-7jh8-7xhm

<2.95.12-r22
  • L
CRLF Injection

<2.95.12-r22
  • L
GHSA-m4pr-4j3g-9v7v

<2.95.12-r22
  • L
GHSA-chqc-8p9q-pq6q

<2.95.12-r22
  • L
GHSA-q4gf-8mx6-v5v3

<2.95.12-r22
  • L
GHSA-3p68-rc4w-qgx5

<2.95.12-r22
  • H
Allocation of Resources Without Limits or Throttling

<2.95.12-r22
  • L
GHSA-r4q5-vmmm-2653

<2.95.12-r22
  • M
Directory Traversal

<2.95.12-r22
  • L
GHSA-rr7j-v2q5-chgv

<2.95.12-r22
  • L
CVE-2026-32280

<2.95.12-r22
  • H
Incorrect Authorization

<2.95.12-r22
  • L
GHSA-39q2-94rc-95cp

<2.95.12-r22
  • L
GHSA-fw9q-39r9-c252

<2.95.12-r22
  • L
GHSA-6v7q-wjvx-w8wg

<2.95.12-r22
  • L
GHSA-c7w3-x93f-qmm8

<2.95.12-r22
  • H
Improper Certificate Validation

<2.95.12-r22
  • L
GHSA-vvjj-xcjg-gr5g

<2.95.12-r22
  • L
GHSA-4w7w-66w2-5vf9

<2.95.12-r22
  • L
GHSA-jrg3-gfjw-hm96

<2.95.12-r22
  • L
GHSA-5w89-2c2x-6x66

<2.95.12-r22
  • L
GHSA-qj83-cq47-w5f8

<2.95.12-r22
  • L
Resource Exhaustion

<2.95.12-r22
  • L
GHSA-c2c7-rcm5-vvqj

<2.95.12-r20
  • L
GHSA-48c2-rrv3-qjmp

<2.95.12-r20
  • L
GHSA-3v7f-55p6-f55p

<2.95.12-r20
  • L
GHSA-37ch-88jc-xwx2

<2.95.12-r20
  • C
CVE-2026-4800

<2.95.12-r20
  • L
Inefficient Regular Expression Complexity

<2.95.12-r20
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.95.12-r20
  • L
GHSA-r5fr-rjxr-66jc

<2.95.12-r20
  • L
GHSA-f886-m6hf-6m8v

<2.95.12-r20
  • L
CVE-2026-4867

<2.95.12-r20
  • H
Resource Exhaustion

<2.95.12-r20
  • L
GHSA-f23m-r3pf-42rh

<2.95.12-r20
  • M
CVE-2026-2950

<2.95.12-r20
  • L
Uncontrolled Recursion

<2.95.12-r20
  • L
Uncontrolled Recursion

<2.95.12-r19
  • L
GHSA-8gc5-j5rx-235r

<2.95.12-r19
  • L
GHSA-rf6f-7fwh-wjgh

<2.95.12-r19
  • L
Improper Validation of Specified Quantity in Input

<2.95.12-r19
  • L
SQL Injection

<2.95.12-r19
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.95.12-r19
  • L
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

<2.95.12-r19
  • L
GHSA-jp2q-39xq-3w4g

<2.95.12-r19
  • L
GHSA-wmrf-hv6w-mr66

<2.95.12-r19
  • L
SQL Injection

<2.95.12-r19
  • L
GHSA-25h7-pfq9-p65f

<2.95.12-r19
  • L
GHSA-8cpq-38p9-67gx

<2.95.12-r19
  • H
Resource Exhaustion

<2.95.12-r17
  • L
GHSA-ggv3-7p47-pfv8

<2.95.12-r17
  • M
HTTP Request Smuggling

<2.95.12-r17
  • L
GHSA-3x4c-7xq6-9pq8

<2.95.12-r17
  • L
GHSA-gmq8-994r-jv83

<2.95.12-r16
  • M
Off-by-one Error

<2.95.12-r16
  • L
Directory Traversal

<2.95.12-r16
  • L
GHSA-5c6j-r48x-rmvq

<2.95.12-r16
  • M
Cross-site Scripting (XSS)

<2.95.12-r16
  • L
Direct Request ('Forced Browsing')

<2.95.12-r16
  • M
Cross-site Scripting (XSS)

<2.95.12-r16
  • L
GHSA-rv83-g57w-fr8j

<2.95.12-r16
  • L
GHSA-v8jm-5vwx-cfxm

<2.95.12-r16
  • L
GHSA-v2wj-7wpq-c8vv

<2.95.12-r16
  • L
GHSA-j3gx-2473-5fp8

<2.95.12-r16
  • L
GHSA-2g4f-4pwh-qvx6

<2.95.12-r15
  • C
Directory Traversal

<2.95.12-r15
  • L
GHSA-5rq4-664w-9x2c

<2.95.12-r15
  • L
GHSA-mw96-cpmx-2vgc

<2.95.12-r15
  • L
Inefficient Regular Expression Complexity

<2.95.12-r15
  • C
Directory Traversal

<2.95.12-r15
  • L
GHSA-38r7-794h-5758

<2.95.12-r14
  • L
Server-Side Request Forgery (SSRF)

<2.95.12-r14
  • L
GHSA-8fgc-7cc6-rx7x

<2.95.12-r14
  • L
Server-Side Request Forgery (SSRF)

<2.95.12-r14
  • H
Inefficient Regular Expression Complexity

<2.95.12-r13
  • L
Incorrect Regular Expression

<2.95.12-r13
  • L
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

<2.95.12-r13
  • L
GHSA-m7jm-9gc2-mpf2

<2.95.12-r13
  • L
GHSA-3ppc-4f35-3m26

<2.95.12-r13
  • L
GHSA-jmr7-xgp7-cmfj

<2.95.12-r13
  • L
Server-Side Request Forgery (SSRF)

<2.95.12-r12
  • L
GHSA-v34v-rq6j-cj6p

<2.95.12-r12
  • L
GHSA-9g9p-9gw9-jx7f

<2.95.12-r10
  • H
CVE-2025-59471

<2.95.12-r10
  • L
GHSA-h25m-26qc-wcjf

<2.95.12-r10
  • L
GHSA-37qj-frw5-hhjh

<2.95.12-r9
  • L
Improper Input Validation

<2.95.12-r9
  • L
GHSA-43fc-jf86-j433

<2.95.12-r9
  • L
CVE-2025-61732

<2.95.12-r9
  • L
Improper Check for Unusual or Exceptional Conditions

<2.95.12-r9
  • L
GHSA-h355-32pf-p2xm

<2.95.12-r9
  • L
GHSA-8jvr-vh7g-f8gx

<2.95.12-r9
  • C
CVE-2025-68121

<2.95.12-r9
  • L
Out-of-bounds Write

<2.95.12-r8
  • L
GHSA-p5wg-g6qr-c7cg

<2.95.12-r7
  • L
GHSA-gr56-3gp6-6gmj

<2.95.12-r8
  • L
GHSA-cm6p-qc7v-m3jw

<2.95.12-r8
  • L
CVE-2025-50537

<2.95.12-r7
  • L
CVE-2025-61730

<2.95.12-r8
  • L
GHSA-xvqr-69v8-f3gv

<2.95.12-r8
  • L
CVE-2025-61731

<2.95.12-r8
  • H
Resource Exhaustion

<2.95.12-r6
  • L
GHSA-xxjr-mmjv-4gpg

<2.95.12-r6
  • M
CVE-2025-13465

<2.95.12-r6
  • L
GHSA-73rr-hh4g-fpgx

<2.95.12-r6
  • L
GHSA-6475-r3vj-m8vf

<2.95.12-r5
  • L
GHSA-r399-636x-v7f6

<2.95.12-r4
  • L
GHSA-6rw7-vpxm-498p

<2.95.12-r4
  • C
Deserialization of Untrusted Data

<2.95.12-r4
  • L
CVE-2025-15284

<2.95.12-r4
  • L
GHSA-43p4-m455-4f4j

<2.95.12-r3
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.95.12-r3
  • L
GHSA-5j59-xgg2-r9c4

<2.95.12-r2
  • L
GHSA-mwv6-3258-q52c

<2.95.12-r2
  • L
Improper Certificate Validation

<2.95.12-r1
  • L
GHSA-7c64-f9jr-v9h2

<2.95.12-r1
  • M
CVE-2025-66400

<2.95.12-r1
  • L
GHSA-4fh9-h7wg-q85m

<2.95.12-r1