{"package":"langchain","ecosystem":"conda","latest_version":"1.2.15","description":"Building applications with LLMs through composability","license":"MIT","homepage":"https://github.com/langchain-ai/langchain","repository":"","downloads_weekly":6923,"health":{"score":69,"risk":"moderate","breakdown":{"maintenance":25,"popularity":6,"security":21,"maturity":15,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":0,"medium":2,"low":0,"details":[{"vuln_id":"CVE-2023-39631","severity":"medium","summary":"Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library","affected_versions":">=0","fixed_version":"2.8.5","source":"osv","published_at":"2023-09-01T18:30:41Z","in_kev":false,"epss_prob":0.01583,"epss_percentile":0.81626,"threat_tier":"theoretical"},{"vuln_id":"CVE-2023-29374","severity":"medium","summary":"LangChain vulnerable to code injection","affected_versions":">=0","fixed_version":null,"source":"osv","published_at":"2023-04-05T03:30:17Z","in_kev":false,"epss_prob":0.03769,"epss_percentile":0.88061,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.2.15","total_count":199,"recent":["1.0.8","1.1.0","1.1.1","1.1.2","1.1.3","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.6","1.2.7","1.2.8","1.2.9","1.2.10","1.2.11","1.2.12","1.2.13","1.2.14","1.2.15"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2023-04-10 14:04:24.657000+00:00","last_published":"2026-04-06 06:49:18.458000+00:00","dependencies_count":0,"dependencies":[]},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"recommendation":{"action":"safe_to_use","issues":[],"use_version":"1.2.15","version_hint":"Update to >= 2.8.5 to fix known vulnerabilities","summary":"langchain@1.2.15 is safe to use (health: 69/100)"},"requested_version":null,"_cache":"miss","_response_ms":1073,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false}}