Is langchain safe to use?

langchain has 1 known vulnerabilities on the latest version (1.3.2). DepScope rates its health at 40/100 (high risk).

What is the latest version of langchain?

The latest version of langchain is 1.3.2, released 2026-05-26.

Does langchain have known vulnerabilities?

Yes. langchain has 1 known vulnerabilities. See depscope.dev/pkg/pypi/langchain for details.

Is langchain deprecated?

No, langchain is actively maintained. Latest release: 1.3.2 (2026-05-26).

What are alternatives to langchain?

Popular alternatives to langchain in PyPI include: boto3, packaging, certifi, urllib3, idna.

What license does langchain use?

langchain is licensed under MIT.

langchain

pypiv1.3.2

Building applications with LLMs through composability

License MITpermissive496 versions20 deps78,648,506 weekly dl

langchain-ai/langchain

/ 100

Health

do not use

langchain has critical vulnerabilities — do not use

Update to >= 2.8.5 to fix known vulnerabilities

Moderate health score (40/100) — verify manually
1 critical vulnerabilities

Health breakdown0 – 100

25/25

maintenance

20/20

popularity

15/25

security

15/15

maturity

10/15

community

0/15

popularity_floor

Vulnerabilities

1 critical

Advisories (1)

Severity	ID	Summary	Fixed in
critical	CVE-2023-39631	Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library	2.8.5

OSS Scorecard

OpenSSF security posture score

6.4/10

moderate

Maintainer trust

Active maintainers (3m)

9

Contributors (12m)

9

Primary author dominance

43%

GitHub stars

134,405

Quality signals

OSS Criticality

0.51high

Download trend

stable(0%)

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/pypi/langchain