Building applications with LLMs through composability
langchain has critical vulnerabilities — do not use
Update to >= 1.4.6 to fix known vulnerabilities
| Severity | ID | Summary | Fixed in |
|---|---|---|---|
| critical | CVE-2023-39631 | Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library | 2.8.5 |
| medium | CVE-2026-55443 | LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders | 1.4.6 |
Get this data programmatically — free, no authentication.
curl https://depscope.dev/api/check/pypi/langchainLast updated · 2026-07-16T13:28:16.498254Z