langfuse-fips-3

Direct Vulnerabilities

Known vulnerabilities in the langfuse-fips-3 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
GHSA-p6gq-j5cr-w38f

<3.194.0-r0
  • L
GHSA-h67p-54hq-rp68

<3.192.0-r0
  • L
Algorithmic Complexity

<3.192.0-r0
  • L
GHSA-pr7r-676h-xcf6

<3.194.0-r0
  • L
CVE-2026-9678

<3.194.0-r0
  • L
GHSA-8988-4f7v-96qf

<3.197.0-r0
  • L
Allocation of Resources Without Limits or Throttling

<3.197.0-r0
  • L
CVE-2026-9697

<3.194.0-r0
  • L
GHSA-vmh5-mc38-953g

<3.194.0-r0
  • L
GHSA-cmwh-pvxp-8882

<3.197.0-r0
  • L
CVE-2026-56761

<3.164.0-r3
  • L
GHSA-rp9w-3fw7-7cwq

<3.192.0-r0
  • L
GHSA-r7g4-qg5f-qqm2

<3.192.0-r0
  • L
GHSA-f38q-mgvj-vph7

<3.192.0-r0
  • L
GHSA-x4vx-rjvf-j5p4

<3.192.0-r0
  • L
Directory Traversal

<3.192.0-r0
  • L
CVE-2026-49978

<3.192.0-r0
  • L
GHSA-gvmj-g25r-r7wr

<3.192.0-r0
  • L
GHSA-vxr8-fq34-vvx9

<3.192.0-r0
  • L
Uncontrolled Recursion

<3.192.0-r0
  • L
GHSA-4x5r-pxfx-6jf8

<3.192.0-r0
  • L
GHSA-268h-hp4c-crq3

<3.192.0-r0
  • L
GHSA-wqvq-jvpq-h66f

<3.192.0-r0
  • L
GHSA-76mc-f452-cxcm

<3.192.0-r0
  • L
Resource Exhaustion

<3.188.0-r0
  • L
GHSA-wwfh-h76j-fc44

<3.188.0-r0
  • L
GHSA-j6c9-x7qj-28xf

<3.188.0-r0
  • L
GHSA-wgpf-jwqj-8h8p

<3.188.0-r0
  • L
GHSA-r47g-fvhr-h676

<3.188.0-r0
  • L
Directory Traversal

<3.188.0-r0
  • L
CVE-2026-49458

<3.188.0-r0
  • L
GHSA-88fw-hqm2-52qc

<3.188.0-r0
  • L
GHSA-hpcv-96wg-7vj8

<3.188.0-r0
  • L
CVE-2026-12143

<3.188.0-r0
  • L
Use of Less Trusted Source

<3.188.0-r0
  • L
GHSA-wcpc-wj8m-hjx6

<3.188.0-r0
  • L
Uncontrolled Recursion

<3.188.0-r0
  • L
Overly Permissive Cross-domain Whitelist

<3.188.0-r0
  • L
Improper Encoding or Escaping of Output

<3.188.0-r0
  • L
CVE-2026-49459

<3.188.0-r0
  • L
GHSA-rv63-4mwf-qqc2

<3.188.0-r0
  • L
GHSA-hmw2-7cc7-3qxx

<3.188.0-r0
  • L
Insufficient Verification of Data Authenticity

<3.188.0-r0
  • L
GHSA-96hv-2xvq-fx4p

<3.188.0-r0
  • L
GHSA-5375-pq7m-f5r2

<3.186.0-r0
  • L
CVE-2026-48069

<3.186.0-r0
  • L
CVE-2026-48068

<3.186.0-r0
  • L
GHSA-99f4-grh7-6pcq

<3.186.0-r0
  • L
GHSA-jqfw-vq24-v9c3

<3.179.1-r2
  • H
Information Exposure

<3.179.1-r2
  • L
CVE-2026-4926

<3.179.1-r2
  • M
Directory Traversal

<3.179.1-r2
  • L
GHSA-j3q9-mxjg-w52f

<3.179.1-r2
  • L
GHSA-27v5-c462-wpq7

<3.179.1-r2
  • L
Directory Traversal

<3.179.1-r2
  • L
Resource Exhaustion

<3.179.1-r2
  • L
GHSA-93m4-6634-74q7

<3.179.1-r2
  • M
Directory Traversal

<3.179.1-r2
  • L
GHSA-g4jq-h2w9-997c

<3.179.1-r2
  • L
GHSA-p9ff-h696-f583

<3.179.1-r2
  • L
CVE-2026-4923

<3.179.1-r2
  • L
GHSA-v6h2-p8h4-qcjw

<3.179.1-r2
  • L
GHSA-2mjp-6q6p-2qxm

<3.179.1-r1
  • L
GHSA-4992-7rv2-5pvq

<3.179.1-r1
  • L
CVE-2026-1526

<3.179.1-r1
  • L
CVE-2026-1528

<3.179.1-r1
  • C
CVE-2026-1525

<3.179.1-r1
  • L
CVE-2026-1527

<3.179.1-r1
  • L
GHSA-v9p9-hfj2-hcw8

<3.179.1-r1
  • L
CVE-2026-2229

<3.179.1-r1
  • L
GHSA-vrm6-8vpv-qv8q

<3.179.1-r1
  • L
GHSA-f269-vfmq-vjvj

<3.179.1-r1
  • M
HTTP Response Splitting

<3.177.1-r0
  • L
GHSA-654m-c8p4-x5fp

<3.177.1-r0
  • L
Server-Side Request Forgery (SSRF)

<3.177.1-r0
  • L
GHSA-35jp-ww65-95wh

<3.177.1-r0
  • L
GHSA-898c-q2cr-xwhg

<3.177.1-r0
  • L
Unintended Proxy or Intermediary ('Confused Deputy')

<3.177.1-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.177.1-r0
  • L
GHSA-pjwm-pj3p-43mv

<3.177.1-r0
  • L
GHSA-p77w-8qqv-26rm

<3.176.0-r0
  • L
CVE-2026-8723

<3.176.0-r0
  • L
GHSA-hm8q-7f3q-5f36

<3.176.0-r0
  • L
GHSA-q8mj-m7cp-5q26

<3.176.0-r0
  • L
GHSA-qp7p-654g-cw7p

<3.176.0-r0
  • L
Arbitrary Code Injection

<3.176.0-r0
  • L
Improper Validation of Specified Quantity in Input

<3.176.0-r0
  • L
Information Exposure Through Caching

<3.176.0-r0
  • L
GHSA-58qx-3vcg-4xpx

<3.175.0-r0
  • M
Cross-site Request Forgery (CSRF)

<3.175.0-r0
  • L
GHSA-jxxr-4gwj-5jf2

<3.175.0-r0
  • L
GHSA-jggg-4jg4-v7c6

<3.175.0-r0
  • H
Resource Exhaustion

<3.175.0-r0
  • L
GHSA-hcf7-66rw-9f5r

<3.175.0-r0
  • H
Use of Uninitialized Resource

<3.175.0-r0
  • H
Uncontrolled Recursion

<3.175.0-r0
  • L
GHSA-3qcw-2rhx-2726

<3.175.0-r0
  • C
Untrusted Search Path

<3.175.0-r0
  • L
Allocation of Resources Without Limits or Throttling

<3.174.1-r0
  • C
Improperly Controlled Modification of Dynamically-Determined Object Attributes

<3.174.1-r0
  • L
GHSA-w9j2-pvgh-6h63

<3.174.1-r0
  • L
GHSA-62hf-57xw-28j9

<3.174.1-r0
  • L
GHSA-pf86-5x62-jrwf

<3.174.1-r0
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.174.1-r0
  • L
Allocation of Resources Without Limits or Throttling

<3.174.1-r0
  • L
HTTP Response Splitting

<3.174.1-r0
  • M
Improper Authentication

<3.174.1-r0
  • L
GHSA-5c9x-8gcm-mpgx

<3.174.1-r0
  • L
Improper Handling of Exceptional Conditions

<3.174.1-r0
  • L
GHSA-m7pr-hjqh-92cm

<3.174.1-r0
  • L
CVE-2026-6322

<3.174.1-r0
  • L
GHSA-pmwg-cvhr-8vh7

<3.174.1-r0
  • L
GHSA-xhjh-pmcv-23jw

<3.174.1-r0
  • M
Cross-site Scripting (XSS)

<3.174.1-r0
  • L
GHSA-3644-q5cj-c5c7

<3.174.1-r0
  • L
CVE-2026-6321

<3.174.1-r0
  • L
GHSA-q7rr-3cgh-j5r3

<3.174.1-r0
  • H
Server-Side Request Forgery (SSRF)

<3.174.1-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.174.1-r0
  • L
GHSA-6chq-wfr3-2hj9

<3.174.1-r0
  • L
Improper Encoding or Escaping of Output

<3.174.1-r0
  • L
GHSA-v2v4-37r5-5v8g

<3.174.1-r0
  • H
Uncontrolled Recursion

<3.174.1-r0
  • L
Permissive Whitelist

<3.174.1-r0
  • L
GHSA-v39h-62p7-jpjc

<3.174.1-r0
  • L
GHSA-xx6v-rp6x-q39c

<3.174.1-r0
  • C
Permissive Whitelist

<3.174.1-r0
  • L
GHSA-q3j6-qgpj-74h6

<3.174.1-r0
  • L
Deserialization of Untrusted Data

<3.174.1-r0
  • L
GHSA-vf2m-468p-8v99

<3.174.1-r0
  • L
GHSA-445q-vr5w-6q77

<3.174.1-r0
  • L
CRLF Injection

<3.174.1-r0
  • L
GHSA-3w6x-2g7m-8v23

<3.174.1-r0
  • L
GHSA-q8qp-cvcw-x6jj

<3.174.1-r0
  • L
GHSA-qx2v-qp2m-jg93

<3.164.0-r7
  • L
GHSA-w5hq-g745-h8pq

<3.164.0-r7
  • L
XML Injection

<3.164.0-r7
  • H
Out-of-bounds Write

<3.164.0-r7
  • L
Cross-site Scripting (XSS)

<3.164.0-r7
  • L
GHSA-gh4j-gqv2-49f6

<3.164.0-r7
  • L
Information Exposure

<3.164.0-r3
  • L
GHSA-v9jr-rg53-9pgp

<3.164.0-r6
  • L
GHSA-h7mw-gpvr-xq4m

<3.164.0-r6
  • L
GHSA-39q2-94rc-95cp

<3.164.0-r6
  • L
Cross-site Scripting (XSS)

<3.164.0-r6
  • L
Cross-site Scripting (XSS)

<3.164.0-r6
  • M
Cross-site Scripting (XSS)

<3.164.0-r6
  • L
GHSA-crv5-9vww-q3g8

<3.164.0-r6
  • C
Arbitrary Code Injection

<3.164.0-r5
  • L
GHSA-xq3m-2v4x-88gg

<3.164.0-r5
  • M
HTTP Response Splitting

<3.164.0-r3
  • L
GHSA-chqc-8p9q-pq6q

<3.164.0-r3
  • L
Directory Traversal

<3.164.0-r3
  • L
GHSA-fw9q-39r9-c252

<3.164.0-r3
  • L
GHSA-3p68-rc4w-qgx5

<3.164.0-r3
  • L
GHSA-6v7q-wjvx-w8wg

<3.164.0-r3
  • L
CRLF Injection

<3.164.0-r3
  • M
Directory Traversal

<3.164.0-r3
  • L
GHSA-xf4j-xp2r-rqqx

<3.164.0-r3
  • L
GHSA-4w7w-66w2-5vf9

<3.164.0-r3
  • L
GHSA-458j-xx4x-4375

<3.164.0-r3
  • M
Directory Traversal

<3.164.0-r3
  • L
GHSA-fvcv-3m26-pcqx

<3.164.0-r3
  • L
GHSA-rr7j-v2q5-chgv

<3.164.0-r3
  • L
GHSA-26pp-8wgv-hjvm

<3.164.0-r3
  • C
Unintended Proxy or Intermediary ('Confused Deputy')

<3.164.0-r3
  • L
GHSA-r5rp-j6wh-rvv4

<3.164.0-r3
  • L
GHSA-r4q5-vmmm-2653

<3.164.0-r3
  • L
GHSA-wmmm-f939-6g9c

<3.164.0-r3
  • H
Directory Traversal

<3.164.0-r3
  • L
GHSA-xpcf-pg52-r92g

<3.164.0-r3
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.164.0-r3
  • L
Improper Input Validation

<3.164.0-r3
  • M
Incorrect Behavior Order: Validate Before Canonicalize

<3.164.0-r3
  • L
GHSA-92pp-h63x-v22m

<3.164.0-r3
  • L
GHSA-c7w3-x93f-qmm8

<3.164.0-r3
  • L
GHSA-q4gf-8mx6-v5v3

<3.164.0-r3
  • L
GHSA-vvjj-xcjg-gr5g

<3.164.0-r3
  • L
GHSA-r5fr-rjxr-66jc

<3.164.0-r1
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.164.0-r1
  • H
Resource Exhaustion

<3.164.0-r1
  • L
GHSA-737v-mqg7-c878

<3.164.0-r1
  • L
CVE-2026-3449

<3.164.0-r1
  • C
CVE-2026-4800

<3.164.0-r1
  • M
CVE-2026-2950

<3.164.0-r1
  • L
GHSA-vpq2-c234-7xj6

<3.164.0-r1
  • L
GHSA-f886-m6hf-6m8v

<3.164.0-r1
  • L
GHSA-f23m-r3pf-42rh

<3.164.0-r1
  • L
Race Condition

<3.163.0-r0
  • L
Inefficient Regular Expression Complexity

<3.163.0-r0
  • L
GHSA-m56q-vw4c-c2cp

<3.163.0-r0
  • M
Cross-site Scripting (XSS)

<3.163.0-r0
  • L
GHSA-f7gr-6p89-r883

<3.163.0-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.163.0-r0
  • L
GHSA-38f7-945m-qr2g

<3.163.0-r0
  • M
Cross-site Scripting (XSS)

<3.163.0-r0
  • L
GHSA-crpf-4hrx-3jrp

<3.163.0-r0
  • M
Cross-site Scripting (XSS)

<3.163.0-r0
  • L
GHSA-3v7f-55p6-f55p

<3.163.0-r0
  • L
GHSA-phwv-c562-gvmh

<3.163.0-r0
  • M
Improperly Controlled Modification of Dynamically-Determined Object Attributes

<3.163.0-r0
  • L
GHSA-c2c7-rcm5-vvqj

<3.163.0-r0
  • L
GHSA-rv83-g57w-fr8j

<3.162.0-r1
  • L
GHSA-46wh-pxpv-q5gq

<3.162.0-r1
  • L
Cross-site Scripting (XSS)

<3.162.0-r1
  • L
GHSA-j4j7-vw47-rhfq

<3.162.0-r1
  • L
GHSA-25h7-pfq9-p65f

<3.162.0-r1
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.162.0-r1
  • L
GHSA-8jvr-vh7g-f8gx

<3.162.0-r1
  • C
CVE-2025-68121

<3.162.0-r1
  • L
Uncontrolled Recursion

<3.162.0-r1
  • L
Improper Validation of Specified Quantity in Input

<3.162.0-r1
  • L
Allocation of Resources Without Limits or Throttling

<3.162.0-r1
  • L
GHSA-rf6f-7fwh-wjgh

<3.162.0-r1
  • L
Direct Request ('Forced Browsing')

<3.162.0-r1
  • L
GHSA-h355-32pf-p2xm

<3.162.0-r1
  • L
GHSA-8cpq-38p9-67gx

<3.162.0-r1
  • L
GHSA-jp2q-39xq-3w4g

<3.162.0-r1
  • L
SQL Injection

<3.162.0-r1
  • L
SQL Injection

<3.162.0-r1
  • L
CVE-2025-61732

<3.162.0-r1
  • L
GHSA-j3gx-2473-5fp8

<3.162.0-r1
  • L
GHSA-wmrf-hv6w-mr66

<3.162.0-r1
  • L
Directory Traversal

<3.162.0-r1
  • L
GHSA-ggv3-7p47-pfv8

<3.162.0-r0
  • L
GHSA-3x4c-7xq6-9pq8

<3.162.0-r0
  • H
Resource Exhaustion

<3.162.0-r0
  • M
HTTP Request Smuggling

<3.162.0-r0
  • L
Incorrect Authorization

<3.160.0-r1
  • M
Cross-site Scripting (XSS)

<3.160.0-r1
  • L
GHSA-v2wj-7wpq-c8vv

<3.160.0-r1
  • L
GHSA-wc8c-qw6v-h7f6

<3.160.0-r1
  • M
Cross-site Scripting (XSS)

<3.160.0-r1
  • L
GHSA-v8jm-5vwx-cfxm

<3.160.0-r1
  • L
GHSA-v8w9-8mx6-g223

<3.158.0-r0
  • L
GHSA-5c6j-r48x-rmvq

<3.156.0-r0
  • C
Directory Traversal

<3.155.1-r3
  • L
GHSA-5rq4-664w-9x2c

<3.155.1-r3
  • L
GHSA-mw96-cpmx-2vgc

<3.155.1-r3
  • C
Directory Traversal

<3.155.1-r3
  • L
GHSA-38r7-794h-5758

<3.155.1-r2
  • L
Server-Side Request Forgery (SSRF)

<3.155.1-r2
  • L
GHSA-8fgc-7cc6-rx7x

<3.155.1-r2
  • L
Server-Side Request Forgery (SSRF)

<3.155.1-r2
  • L
Inefficient Regular Expression Complexity

<3.155.1-r1
  • L
GHSA-gq3j-xvxp-8hrf

<3.155.1-r1
  • L
GHSA-3ppc-4f35-3m26

<3.155.1-r1
  • H
CVE-2026-2391

<3.155.1-r1
  • H
Inefficient Regular Expression Complexity

<3.155.1-r1
  • L
GHSA-2g4f-4pwh-qvx6

<3.155.1-r1
  • L
GHSA-w7fw-mjwx-w883

<3.155.1-r1
  • L
GHSA-43fc-jf86-j433

<3.153.0-r1
  • L
GHSA-37qj-frw5-hhjh

<3.153.0-r1
  • L
Server-Side Request Forgery (SSRF)

<3.153.0-r1
  • L
Improper Check for Unusual or Exceptional Conditions

<3.153.0-r1
  • L
Improper Input Validation

<3.153.0-r1
  • L
GHSA-v34v-rq6j-cj6p

<3.153.0-r1
  • M
Incorrect Regular Expression

<3.152.0-r0
  • L
GHSA-345p-7cg4-v4c7

<3.152.0-r0
  • L
GHSA-w332-q679-j88p

<3.152.0-r0
  • M
Cross-site Scripting (XSS)

<3.152.0-r0
  • L
GHSA-h25m-26qc-wcjf

<3.152.0-r0
  • L
GHSA-r354-f388-2fhh

<3.152.0-r0
  • M
Information Exposure

<3.152.0-r0
  • L
GHSA-9r54-q6cx-xmh5

<3.152.0-r0
  • L
Race Condition

<3.152.0-r0
  • L
Information Exposure Through Caching

<3.152.0-r0
  • L
GHSA-9g9p-9gw9-jx7f

<3.152.0-r0
  • H
CVE-2025-59471

<3.152.0-r0
  • L
GHSA-6wqw-2p9w-4vw4

<3.152.0-r0
  • L
GHSA-5f7q-jpqc-wp7h

<3.150.0-r0
  • H
CVE-2025-59472

<3.150.0-r0
  • L
Out-of-bounds Write

<3.150.0-r0
  • L
GHSA-gr56-3gp6-6gmj

<3.150.0-r0
  • L
GHSA-xvqr-69v8-f3gv

<3.150.0-r0
  • L
CVE-2025-61731

<3.150.0-r0
  • L
GHSA-cm6p-qc7v-m3jw

<3.150.0-r0
  • L
CVE-2025-61730

<3.150.0-r0
  • L
GHSA-xxjr-mmjv-4gpg

<3.147.0-r1
  • M
CVE-2025-13465

<3.147.0-r1
  • L
GHSA-73rr-hh4g-fpgx

<3.147.0-r1
  • H
Allocation of Resources Without Limits or Throttling

<3.147.0-r1
  • H
Resource Exhaustion

<3.147.0-r1
  • L
GHSA-g9mf-h72j-4rw9

<3.147.0-r1
  • L
GHSA-3vhc-576x-3qv4

<3.146.0-r1
  • M
Improper Verification of Cryptographic Signature

<3.146.0-r1
  • M
Improper Verification of Cryptographic Signature

<3.146.0-r1
  • L
GHSA-f67f-6cw9-8mq4

<3.146.0-r1
  • L
GHSA-6475-r3vj-m8vf

<3.146.0-r1
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

<3.146.0-r0
  • L
GHSA-36hm-qxxp-pg3m

<3.146.0-r0
  • L
GHSA-8r9q-7v3j-jr4g

<3.145.0-r0
  • H
Inefficient Regular Expression Complexity

<3.145.0-r0
  • L
GHSA-7c64-f9jr-v9h2

<3.135.1-r1
  • L
Improper Certificate Validation

<3.135.1-r1
  • L
CVE-2025-15284

<3.144.0-r0
  • L
GHSA-6rw7-vpxm-498p

<3.144.0-r0
  • L
GHSA-43p4-m455-4f4j

<3.141.0-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.141.0-r0
  • L
GHSA-mwv6-3258-q52c

<3.140.0-r0
  • L
GHSA-w37m-7fhw-fmv9

<3.140.0-r0
  • L
Improper Verification of Cryptographic Signature

<3.138.0-r0
  • L
CVE-2025-66478

<3.138.0-r0
  • L
GHSA-9qr9-h5gf-34mp

<3.138.0-r0
  • L
GHSA-869p-cjfg-cm3x

<3.138.0-r0