Homepage

langfuse-3

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the langfuse-3 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
Uncontrolled Recursion

<3.164.0-r7
  • L
GHSA-48c2-rrv3-qjmp

<3.164.0-r7
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.164.0-r6
  • L
GHSA-xq3m-2v4x-88gg

<3.164.0-r6
  • C
Arbitrary Code Injection

<3.164.0-r6
  • L
GHSA-rr7j-v2q5-chgv

<3.164.0-r6
  • L
GHSA-39q2-94rc-95cp

<3.164.0-r6
  • L
GHSA-fw9q-39r9-c252

<3.164.0-r6
  • L
GHSA-q4gf-8mx6-v5v3

<3.164.0-r6
  • L
GHSA-r4q5-vmmm-2653

<3.164.0-r6
  • L
GHSA-458j-xx4x-4375

<3.164.0-r5
  • L
GHSA-wmmm-f939-6g9c

<3.164.0-r5
  • M
Directory Traversal

<3.164.0-r5
  • M
Incorrect Behavior Order: Validate Before Canonicalize

<3.164.0-r5
  • L
GHSA-chqc-8p9q-pq6q

<3.164.0-r5
  • L
GHSA-26pp-8wgv-hjvm

<3.164.0-r5
  • M
Directory Traversal

<3.164.0-r5
  • L
Improper Input Validation

<3.164.0-r5
  • L
GHSA-xf4j-xp2r-rqqx

<3.164.0-r5
  • L
GHSA-6v7q-wjvx-w8wg

<3.164.0-r5
  • L
GHSA-r5rp-j6wh-rvv4

<3.164.0-r5
  • L
Directory Traversal

<3.164.0-r5
  • H
Directory Traversal

<3.164.0-r5
  • L
GHSA-xpcf-pg52-r92g

<3.164.0-r5
  • L
CRLF Injection

<3.164.0-r5
  • L
GHSA-4w7w-66w2-5vf9

<3.164.0-r5
  • L
GHSA-92pp-h63x-v22m

<3.164.0-r5
  • L
GHSA-fvcv-3m26-pcqx

<3.164.0-r5
  • M
HTTP Response Splitting

<3.164.0-r5
  • L
GHSA-3p68-rc4w-qgx5

<3.164.0-r5
  • C
Unintended Proxy or Intermediary ('Confused Deputy')

<3.164.0-r5
  • L
GHSA-c7w3-x93f-qmm8

<3.164.0-r5
  • L
GHSA-vvjj-xcjg-gr5g

<3.164.0-r5
  • C
CVE-2026-4800

<3.164.0-r1
  • L
GHSA-vpq2-c234-7xj6

<3.164.0-r1
  • M
CVE-2026-2950

<3.164.0-r1
  • H
Resource Exhaustion

<3.164.0-r1
  • L
GHSA-737v-mqg7-c878

<3.164.0-r1
  • L
GHSA-r5fr-rjxr-66jc

<3.164.0-r1
  • L
CVE-2026-3449

<3.164.0-r1
  • L
GHSA-f23m-r3pf-42rh

<3.164.0-r1
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.164.0-r1
  • L
GHSA-f886-m6hf-6m8v

<3.164.0-r1
  • L
GHSA-8cpq-38p9-67gx

<3.163.0-r0
  • L
GHSA-38f7-945m-qr2g

<3.163.0-r0
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.163.0-r0
  • L
CVE-2025-61732

<3.163.0-r0
  • L
GHSA-j3gx-2473-5fp8

<3.163.0-r0
  • L
Allocation of Resources Without Limits or Throttling

<3.163.0-r0
  • L
GHSA-f7gr-6p89-r883

<3.163.0-r0
  • L
Direct Request ('Forced Browsing')

<3.163.0-r0
  • M
Cross-site Scripting (XSS)

<3.163.0-r0
  • L
GHSA-wmrf-hv6w-mr66

<3.163.0-r0
  • L
GHSA-rf6f-7fwh-wjgh

<3.163.0-r0
  • M
Cross-site Scripting (XSS)

<3.163.0-r0
  • L
GHSA-25h7-pfq9-p65f

<3.163.0-r0
  • M
Improperly Controlled Modification of Dynamically-Determined Object Attributes

<3.163.0-r0
  • L
GHSA-46wh-pxpv-q5gq

<3.163.0-r0
  • L
SQL Injection

<3.163.0-r0
  • L
Race Condition

<3.163.0-r0
  • L
GHSA-crpf-4hrx-3jrp

<3.163.0-r0
  • L
Cross-site Scripting (XSS)

<3.163.0-r0
  • L
GHSA-m56q-vw4c-c2cp

<3.163.0-r0
  • L
GHSA-h355-32pf-p2xm

<3.163.0-r0
  • L
GHSA-jp2q-39xq-3w4g

<3.163.0-r0
  • M
Cross-site Scripting (XSS)

<3.163.0-r0
  • L
Directory Traversal

<3.163.0-r0
  • L
GHSA-rv83-g57w-fr8j

<3.163.0-r0
  • L
Uncontrolled Recursion

<3.163.0-r0
  • L
Improper Validation of Specified Quantity in Input

<3.163.0-r0
  • L
GHSA-8jvr-vh7g-f8gx

<3.163.0-r0
  • L
GHSA-phwv-c562-gvmh

<3.163.0-r0
  • C
CVE-2025-68121

<3.163.0-r0
  • L
SQL Injection

<3.163.0-r0
  • L
GHSA-j4j7-vw47-rhfq

<3.163.0-r0
  • L
GHSA-ggv3-7p47-pfv8

<3.162.0-r1
  • H
Resource Exhaustion

<3.162.0-r1
  • L
GHSA-3x4c-7xq6-9pq8

<3.162.0-r1
  • M
HTTP Request Smuggling

<3.162.0-r1
  • L
Incorrect Authorization

<3.160.0-r1
  • L
GHSA-wc8c-qw6v-h7f6

<3.160.0-r1
  • M
Cross-site Scripting (XSS)

<3.160.0-r1
  • L
GHSA-v8jm-5vwx-cfxm

<3.160.0-r1
  • L
GHSA-v2wj-7wpq-c8vv

<3.160.0-r1
  • M
Cross-site Scripting (XSS)

<3.160.0-r1
  • L
GHSA-v8w9-8mx6-g223

<3.158.0-r0
  • L
GHSA-5c6j-r48x-rmvq

<3.155.1-r4
  • C
Directory Traversal

<3.155.1-r3
  • H
Inefficient Regular Expression Complexity

<3.155.1-r2
  • L
CVE-2025-61730

<3.149.0-r1
  • L
GHSA-9r54-q6cx-xmh5

<3.153.0-r0
  • L
GHSA-gr56-3gp6-6gmj

<3.149.0-r1
  • L
GHSA-r354-f388-2fhh

<3.153.0-r0
  • L
Race Condition

<3.153.0-r0
  • L
GHSA-8fgc-7cc6-rx7x

<3.155.1-r2
  • L
CVE-2025-66478

<3.137.0-r0
  • L
GHSA-9qr9-h5gf-34mp

<3.137.0-r0
  • L
GHSA-3vhc-576x-3qv4

<3.146.0-r1
  • H
CVE-2025-59471

<3.153.0-r0
  • L
GHSA-h25m-26qc-wcjf

<3.153.0-r0
  • H
CVE-2025-59472

<3.150.0-r0
  • M
Information Exposure

<3.153.0-r0
  • M
Improper Verification of Cryptographic Signature

<3.146.0-r1
  • L
GHSA-mwv6-3258-q52c

<3.140.0-r0
  • L
Improper Check for Unusual or Exceptional Conditions

<3.153.0-r2
  • L
GHSA-f67f-6cw9-8mq4

<3.146.0-r1
  • L
CVE-2025-61731

<3.149.0-r1
  • L
GHSA-37qj-frw5-hhjh

<3.153.0-r2
  • L
GHSA-6475-r3vj-m8vf

<3.146.0-r1
  • L
GHSA-w37m-7fhw-fmv9

<3.140.0-r0
  • L
GHSA-v34v-rq6j-cj6p

<3.153.0-r2
  • L
GHSA-w7fw-mjwx-w883

<3.155.1-r2
  • H
CVE-2026-2391

<3.155.1-r2
  • M
Access of Resource Using Incompatible Type ('Type Confusion')

<3.146.0-r0
  • L
GHSA-36hm-qxxp-pg3m

<3.146.0-r0
  • L
GHSA-6wqw-2p9w-4vw4

<3.153.0-r0
  • L
GHSA-43fc-jf86-j433

<3.153.0-r2
  • M
CVE-2025-66400

<3.137.0-r1
  • H
Insecure Default Initialization of Resource

<3.137.0-r1
  • L
GHSA-w48q-cv73-mx4w

<3.137.0-r1
  • L
GHSA-4fh9-h7wg-q85m

<3.137.0-r1
  • M
Cross-site Scripting (XSS)

<3.153.0-r0
  • L
Information Exposure Through Caching

<3.153.0-r0
  • M
Incorrect Regular Expression

<3.153.0-r0
  • L
Inefficient Regular Expression Complexity

<3.155.1-r2
  • L
GHSA-869p-cjfg-cm3x

<3.138.0-r0
  • L
Out-of-bounds Write

<3.149.0-r1
  • L
GHSA-rcmh-qjqh-p98v

<3.135.1-r2
  • L
Improper Verification of Cryptographic Signature

<3.138.0-r0
  • H
Improper Check or Handling of Exceptional Conditions

<3.135.1-r2
  • L
Improper Input Validation

<3.153.0-r2
  • L
GHSA-gq3j-xvxp-8hrf

<3.155.1-r2
  • L
Server-Side Request Forgery (SSRF)

<3.153.0-r2
  • L
GHSA-g9mf-h72j-4rw9

<3.146.0-r2
  • C
Directory Traversal

<3.155.1-r3
  • L
Server-Side Request Forgery (SSRF)

<3.155.1-r2
  • L
GHSA-cm6p-qc7v-m3jw

<3.149.0-r1
  • M
CVE-2025-13465

<3.146.0-r2
  • H
Resource Exhaustion

<3.146.0-r2
  • L
GHSA-xvqr-69v8-f3gv

<3.149.0-r1
  • L
GHSA-43p4-m455-4f4j

<3.141.0-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.141.0-r0
  • L
Server-Side Request Forgery (SSRF)

<3.155.1-r2
  • L
GHSA-38r7-794h-5758

<3.155.1-r2
  • L
GHSA-5rq4-664w-9x2c

<3.155.1-r3
  • L
GHSA-3ppc-4f35-3m26

<3.155.1-r2
  • L
GHSA-2g4f-4pwh-qvx6

<3.155.1-r2
  • L
GHSA-9g9p-9gw9-jx7f

<3.153.0-r0
  • L
GHSA-73rr-hh4g-fpgx

<3.146.0-r2
  • L
CVE-2025-15284

<3.143.0-r1
  • L
GHSA-345p-7cg4-v4c7

<3.153.0-r0
  • L
GHSA-xxjr-mmjv-4gpg

<3.146.0-r2
  • L
GHSA-5f7q-jpqc-wp7h

<3.150.0-r0
  • L
GHSA-w332-q679-j88p

<3.153.0-r0
  • L
GHSA-mw96-cpmx-2vgc

<3.155.1-r3
  • H
Allocation of Resources Without Limits or Throttling

<3.146.0-r2
  • M
Improper Verification of Cryptographic Signature

<3.146.0-r1
  • L
GHSA-6rw7-vpxm-498p

<3.143.0-r1