{"package":"LangChain","ecosystem":"pypi","latest_version":"1.2.15","description":"Building applications with LLMs through composability","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pypi.org/project/langchain/","repository":"https://github.com/langchain-ai/langchain","downloads_weekly":0,"health":{"score":65,"risk":"moderate","breakdown":{"maintenance":25,"popularity":0,"security":15,"maturity":15,"community":10},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":1,"high":0,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2023-39631","severity":"critical","summary":"Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library","affected_versions":"<0.0.308|<2.8.5|=0.0.1|=0.0.10|=0.0.100|=0.0.101|=0.0.101rc0|=0.0.102|=0.0.102rc0|=0.0.103|=0.0.104|=0.0.105|=0.0.106|=0.0.107|=0.0.108|=0.0.109|=0.0.11|=0.0.110|=0.0.111|=0.0.112|=0.0.113|=0.0.114|=0.0.115|=0.0.116|=0.0.117|=0.0.118|=0.0.119|=0.0.12|=0.0.120|=0.0.121|=0.0.122|=0.0.123|=0.0.124|=0.0.125|=0.0.126|=0.0.127|=0.0.128|=0.0.129|=0.0.13|=0.0.130|=0.0.131|=0.0.132|=0.0.133|=0.0.134|=0.0.135|=0.0.136|=0.0.137|=0.0.138|=0.0.139|=0.0.14|=0.0.140|=0.0.141|=0.0.142|=0.0.143|=0.0.144|=0.0.145|=0.0.146|=0.0.147|=0.0.148|=0.0.149|=0.0.15|=0.0.150|=0.0.151|=0.0.152|=0.0.153|=0.0.154|=0.0.155|=0.0.156|=0.0.157|=0.0.158|=0.0.159|=0.0.16|=0.0.160|=0.0.161|=0.0.162|=0.0.163|=0.0.164|=0.0.165|=0.0.166|=0.0.167|=0.0.168|=0.0.169|=0.0.17|=0.0.170|=0.0.171|=0.0.172|=0.0.173|=0.0.174|=0.0.175|=0.0.176|=0.0.177|=0.0.178|=0.0.179|=0.0.18|=0.0.180|=0.0.181|=0.0.182|=0.0.183|=0.0.184|=0.0.185|=0.0.186|=0.0.187|=0.0.188|=0.0.189|=0.0.19|=0.0.190|=0.0.191|=0.0.192|=0.0.193|=0.0.194|=0.0.195|=0.0.196|=0.0.197|=0.0.198|=0.0.199|=0.0.2|=0.0.20|=0.0.200|=0.0.201|=0.0.202|=0.0.203|=0.0.204|=0.0.205|=0.0.206|=0.0.207|=0.0.208|=0.0.209|=0.0.21|=0.0.210|=0.0.211|=0.0.2
12|=0.0.213|=0.0.214|=0.0.215|=0.0.216|=0.0.217|=0.0.218|=0.0.219|=0.0.22|=0.0.220|=0.0.221|=0.0.222|=0.0.223|=0.0.224|=0.0.225|=0.0.226|=0.0.227|=0.0.228|=0.0.229|=0.0.23|=0.0.230|=0.0.231|=0.0.232|=0.0.233|=0.0.234|=0.0.235|=0.0.236|=0.0.237|=0.0.238|=0.0.239|=0.0.24|=0.0.240|=0.0.240rc0|=0.0.240rc1|=0.0.240rc4|=0.0.242|=0.0.243|=0.0.244|=0.0.245|=0.0.246|=0.0.247|=0.0.248|=0.0.249|=0.0.25|=0.0.250|=0.0.251|=0.0.252|=0.0.253|=0.0.254|=0.0.255|=0.0.256|=0.0.257|=0.0.258|=0.0.259|=0.0.26|=0.0.260|=0.0.261|=0.0.262|=0.0.263|=0.0.264|=0.0.265|=0.0.266|=0.0.267|=0.0.268|=0.0.269|=0.0.27|=0.0.270|=0.0.271|=0.0.272|=0.0.273|=0.0.274|=0.0.275|=0.0.276|=0.0.277|=0.0.278|=0.0.279|=0.0.28|=0.0.281|=0.0.283|=0.0.284|=0.0.285|=0.0.286|=0.0.287|=0.0.288|=0.0.289|=0.0.29|=0.0.290|=0.0.291|=0.0.292|=0.0.293|=0.0.294|=0.0.295|=0.0.296|=0.0.297|=0.0.298|=0.0.299|=0.0.3|=0.0.30|=0.0.300|=0.0.301|=0.0.302|=0.0.303|=0.0.304|=0.0.305|=0.0.306|=0.0.307|=0.0.31|=0.0.32|=0.0.33|=0.0.34|=0.0.35|=0.0.36|=0.0.37|=0.0.38|=0.0.39|=0.0.4|=0.0.40|=0.0.41|=0.0.42|=0.0.43|=0.0.44|=0.0.45|=0.0.46|=0.0.47|=0.0.48|=0.0.49|=0.0.5|=0.0.50|=0.0.51|=0.0.52|=0.0.53|=0.0.54|=0.0.55|=0.0.56|=0.0.57|=0.0.58|=0.0.59|=0.0.6|=0.0.60|=0.0.61|=0.0.63|=0.0.64|=0.0.65|=0.0.66|=0.0.67|=0.0.68|=0.0.69|=0.0.7|=0.0.70|=0.0.71|=0.0.72|=0.0.73|=0.0.74|=0.0.75|=0.0.76|=0.0.77|=0.0.78|=0.0.79|=0.0.8|=0.0.80|=0.0.81|=0.0.82|=0.0.83|=0.0.84|=0.0.85|=0.0.86|=0.0.87|=0.0.88|=0.0.89|=0.0.9|=0.0.90|=0.0.91|=0.0.92|=0.0.93|=0.0.94|=0.0.95|=0.0.96|=0.0.97|=0.0.98|=0.0.99|=0.0.99rc0|=1.1.1|=1.2|=1.3|=1.3.1|=1.4|=1.4.1|=1.4.2|=2.0|=2.0.1|=2.1|=2.2|=2.2.1|=2.2.2|=2.3|=2.3-rc1|=2.3.1|=2.4|=2.4-rc1|=2.4-rc2|=2.4.1|=2.4.2|=2.4.3|=2.4.4|=2.4.5|=2.4.6|=2.5|=2.5.1|=2.5.2|=2.6.0|=2.6.1|=2.6.2|=2.6.3|=2.6.4|=2.6.5|=2.6.6|=2.6.6.dev0|=2.6.7|=2.6.8|=2.6.9|=2.7.0|=2.7.1|=2.7.2|=2.7.3|=2.8.0|=2.8.1|=2.8.3|=2.8.4","fixed_version":"2.8.5","source":"osv","published_at":"2023-09-01T18:30:41Z","in_kev":false,"epss_prob":0.01583,"epss_percentile":0.81
662,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.2.15","total_count":486,"recent":["1.1.0","1.1.1","1.1.2","1.1.3","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.2.9","1.2.10","1.2.11","1.2.12","1.2.13","1.2.14","1.2.15"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2026-04-03T14:26:02.557339Z","dependencies_count":20,"dependencies":["langchain-core<2.0.0,>=1.2.10","langgraph<1.2.0,>=1.1.5","pydantic<3.0.0,>=2.7.4","langchain-anthropic; extra == \"anthropic\"","langchain-aws; extra == \"aws\"","langchain-azure-ai; extra == \"azure-ai\"","langchain-baseten>=0.2.0; extra == \"baseten\"","langchain-community; extra == \"community\"","langchain-deepseek; extra == \"deepseek\"","langchain-fireworks; extra == \"fireworks\"","langchain-google-genai; extra == \"google-genai\"","langchain-google-vertexai; extra == \"google-vertexai\"","langchain-groq; extra == \"groq\"","langchain-huggingface; extra == \"huggingface\"","langchain-mistralai; extra == \"mistralai\"","langchain-ollama; extra == \"ollama\"","langchain-openai; extra == \"openai\"","langchain-perplexity; extra == \"perplexity\"","langchain-together; extra == \"together\"","langchain-xai; extra == \"xai\""]},"github_stats":{"stars":133705,"forks":22094,"open_issues":535,"is_archived":false,"pushed_at":"2026-04-16T02:11:53+00:00"},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["1 critical vulnerability"],"use_version":"1.2.15","version_hint":"Update to >= 2.8.5 to fix known vulnerabilities","summary":"LangChain has a critical vulnerability — do not use"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package 
intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":true,"criticality_score":0.509,"criticality_tier":"high","velocity_pct":0.0,"velocity_trend":"stable","publish_security":null},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":25,"avg_days_between_releases":null,"release_velocity":"active"},"popularity_warning":{"this_ecosystem_downloads":0,"more_popular_in":{"ecosystem":"npm","downloads_weekly":2097133},"hint":"This is the pypi package 'LangChain' (0 dl/week). A much more popular package with the same name exists in npm (2,097,133 dl/week). Confirm you queried the right ecosystem."}}