langchain-core 1.0.2

Direct Vulnerabilities

Known vulnerabilities in the langchain-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the `load` process. An attacker can instantiate trusted classes with untrusted constructor arguments by submitting specially crafted serialized payloads as structured input, which are then deserialized. This can lead to persistent data poisoning, prompt injection, behavior manipulation, credential disclosure, or unintended server-side requests if the deserialized objects perform sensitive actions during initialization. How to fix Deserialization of Untrusted Data? Upgrade `langchain-core` to version 0.3.85, 1.3.3 or higher.	[,0.3.85)[1.0.0a1,1.3.3)
M Improper Neutralization of Special Elements Used in a Template Engine langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the template formatting. An attacker can access internal object fields or nested data by supplying specially crafted template strings that include attribute access or indexing expressions, which are evaluated during formatting. How to fix Improper Neutralization of Special Elements Used in a Template Engine? Upgrade `langchain-core` to version 0.3.84, 1.2.28 or higher.	[,0.3.84)[0.4.0.dev0,1.2.28)
H Directory Traversal langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Directory Traversal via the `load_prompt`, `load_prompt_from_config`, or `.save()` methods on prompt classes. An attacker can access arbitrary files on the host filesystem by supplying crafted configuration data that includes absolute paths or directory traversal sequences. This allows reading files with specific extensions such as `.txt`, `.json`, or `.yaml` outside the intended directory structure. How to fix Directory Traversal? Upgrade `langchain-core` to version 0.3.86, 1.2.22 or higher.	[,0.3.86)[0.4.0.dev0,1.2.22)
C Deserialization of Untrusted Data langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `dumps` and `dumpd` functions when user-controlled data containing the `lc` key is serialized and later deserialized. This key is intended to be reserved for internal objects. An attacker can extract environment variable secrets or instantiate classes with attacker-controlled parameters by injecting specially crafted structures into user-controlled fields, which are then treated as legitimate objects during deserialization. Common usages that enable this vulnerability are LLM response fields like `additional_kwargs` or `response_metadata`, which may be an injection vector. Note: This is only exploitable if deserialization occurs with `secrets_from_env=True`, which is the default setting, or if attacker-controlled data is passed to the serialization and deserialization process. How to fix Deserialization of Untrusted Data? Upgrade `langchain-core` to version 0.3.81, 1.2.5 or higher.	[,0.3.81)[0.4.0.dev0,1.2.5)
H Template Injection langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Template Injection in the prompt template system. An attacker can access internal Python object attributes by submitting specially crafted template strings to `ChatPromptTemplate` and related prompt template classes. Note: The vulnerability specifically requires that applications accept template strings (the structure) from untrusted sources, not just template variables (the data). Most applications either do not use templates or else use hardcoded templates and are not vulnerable. How to fix Template Injection? Upgrade `langchain-core` to version 0.3.80, 1.0.7 or higher.	[,0.3.80)[0.4.0.dev0,1.0.7)

Vulnerability

Vulnerable Version

Deserialization of Untrusted Data

langchain-core is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the load process. An attacker can instantiate trusted classes with untrusted constructor arguments by submitting specially crafted serialized payloads as structured input, which are then deserialized. This can lead to persistent data poisoning, prompt injection, behavior manipulation, credential disclosure, or unintended server-side requests if the deserialized objects perform sensitive actions during initialization.

How to fix Deserialization of Untrusted Data?

Upgrade langchain-core to version 0.3.85, 1.3.3 or higher.

[,0.3.85)[1.0.0a1,1.3.3)

Improper Neutralization of Special Elements Used in a Template Engine

langchain-core is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the template formatting. An attacker can access internal object fields or nested data by supplying specially crafted template strings that include attribute access or indexing expressions, which are evaluated during formatting.

How to fix Improper Neutralization of Special Elements Used in a Template Engine?

Upgrade langchain-core to version 0.3.84, 1.2.28 or higher.

[,0.3.84)[0.4.0.dev0,1.2.28)

Directory Traversal

langchain-core is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Directory Traversal via the load_prompt, load_prompt_from_config, or .save() methods on prompt classes. An attacker can access arbitrary files on the host filesystem by supplying crafted configuration data that includes absolute paths or directory traversal sequences. This allows reading files with specific extensions such as .txt, .json, or .yaml outside the intended directory structure.

How to fix Directory Traversal?

Upgrade langchain-core to version 0.3.86, 1.2.22 or higher.

[,0.3.86)[0.4.0.dev0,1.2.22)

Deserialization of Untrusted Data

langchain-core is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the dumps and dumpd functions when user-controlled data containing the lc key is serialized and later deserialized. This key is intended to be reserved for internal objects. An attacker can extract environment variable secrets or instantiate classes with attacker-controlled parameters by injecting specially crafted structures into user-controlled fields, which are then treated as legitimate objects during deserialization.

Common usages that enable this vulnerability are LLM response fields like additional_kwargs or response_metadata, which may be an injection vector.

Note: This is only exploitable if deserialization occurs with secrets_from_env=True, which is the default setting, or if attacker-controlled data is passed to the serialization and deserialization process.

How to fix Deserialization of Untrusted Data?

Upgrade langchain-core to version 0.3.81, 1.2.5 or higher.

[,0.3.81)[0.4.0.dev0,1.2.5)

Template Injection

langchain-core is a Building applications with LLMs through composability

Affected versions of this package are vulnerable to Template Injection in the prompt template system. An attacker can access internal Python object attributes by submitting specially crafted template strings to ChatPromptTemplate and related prompt template classes.

Note: The vulnerability specifically requires that applications accept template strings (the structure) from untrusted sources, not just template variables (the data).

Most applications either do not use templates or else use hardcoded templates and are not vulnerable.

How to fix Template Injection?

Upgrade langchain-core to version 0.3.80, 1.0.7 or higher.

[,0.3.80)[0.4.0.dev0,1.0.7)

langchain-core@1.0.2

Building applications with LLMs through composability

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically