langchain-0.3.7-py3-none-any.whl: 3 vulnerabilities (highest severity is: 7.5)

[mend-for-github-com]

Vulnerable Library - langchain-0.3.7-py3-none-any.whl

Building applications with LLMs through composability

Library home page: https://files.pythonhosted.org/packages/49/09/72630413a7ded27684e33392a0ff52ff1c8ea6749fee641319e75f82072b/langchain-0.3.7-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260219120409_AEEMWL/python_IKDEBG/20260219120410/langchain-0.3.7-py3-none-any.whl

Found in HEAD commit: c2a0de4212c13487918a46a2935ca84031dd91aa

Vulnerabilities

Vulnerability	Severity	CVSS	Exploit Maturity	EPSS	Dependency	Type	Fixed in (langchain version)	Remediation Possible**	Reachability
CVE-2025-6985	High	7.5	Not Defined	0.8%	langchain_text_splitters-0.3.2-py3-none-any.whl	Transitive	0.3.8	✅	Unreachable
CVE-2025-67221	High	7.5	Not Defined	0.1%	orjson-3.11.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl	Transitive	0.3.8	✅	Unreachable
CVE-2024-58340	High	7.5	Not Defined	0.1%	langchain-0.3.7-py3-none-any.whl	Direct	N/A	❌

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2025-6985

Vulnerable Library - langchain_text_splitters-0.3.2-py3-none-any.whl

LangChain text splitting utilities

Library home page: https://files.pythonhosted.org/packages/ee/c6/5ba25c8bad647e92a92b3066177ab10d78efbd16c0b9919948cdcd18b027/langchain_text_splitters-0.3.2-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260219120409_AEEMWL/python_IKDEBG/20260219120410/langchain_text_splitters-0.3.2-py3-none-any.whl

Dependency Hierarchy:

• langchain-0.3.7-py3-none-any.whl (Root Library)
  • ❌ langchain_text_splitters-0.3.2-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: c2a0de4212c13487918a46a2935ca84031dd91aa

Found in base branch: main

Reachability Analysis

The vulnerable code is unreachable

Vulnerability Details

The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are parsed using lxml.etree.parse() and lxml.etree.XSLT() without any hardening measures. In lxml versions up to 4.9.x, external entities are resolved by default, allowing attackers to read arbitrary local files or perform outbound HTTP(S) fetches. In lxml versions 5.0 and above, while entity expansion is disabled, the XSLT document() function can still read any URI unless XSLTAccessControl is applied. This vulnerability allows remote attackers to gain read-only access to any file the LangChain process can reach, including sensitive files such as SSH keys, environment files, source code, or cloud metadata. No authentication, special privileges, or user interaction are required, and the issue is exploitable in default deployments that enable custom XSLT.

Publish Date: 2025-10-06

URL: CVE-2025-6985

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.8%

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-m42m-m8cr-8m58

Release Date: 2025-10-06

Fix Resolution (langchain-text-splitters): 0.3.9

Direct dependency fix Resolution (langchain): 0.3.8

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2025-67221

Vulnerable Library - orjson-3.11.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Fast, correct Python JSON library supporting dataclasses, datetimes, and numpy

Library home page: https://files.pythonhosted.org/packages/32/a2/88e482eb8e899a037dcc9eff85ef117a568e6ca1ffa1a2b2be3fcb51b7bb/orjson-3.11.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260219120409_AEEMWL/python_IKDEBG/202602191208361/env/lib/python3.9/site-packages/orjson-3.11.5.dist-info

Dependency Hierarchy:

• langchain-0.3.7-py3-none-any.whl (Root Library)
  • langsmith-0.1.147-py3-none-any.whl
    • ❌ orjson-3.11.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Found in HEAD commit: c2a0de4212c13487918a46a2935ca84031dd91aa

Found in base branch: main

Reachability Analysis

The vulnerable code is unreachable

Vulnerability Details

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents.

Publish Date: 2026-01-22

URL: CVE-2025-67221

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2026-01-22

Fix Resolution (orjson): 3.11.6

Direct dependency fix Resolution (langchain): 0.3.8

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-58340

Vulnerable Library - langchain-0.3.7-py3-none-any.whl

Building applications with LLMs through composability

Library home page: https://files.pythonhosted.org/packages/49/09/72630413a7ded27684e33392a0ff52ff1c8ea6749fee641319e75f82072b/langchain-0.3.7-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260219120409_AEEMWL/python_IKDEBG/20260219120410/langchain-0.3.7-py3-none-any.whl

Dependency Hierarchy:

• ❌ langchain-0.3.7-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: c2a0de4212c13487918a46a2935ca84031dd91aa

Found in base branch: main

Vulnerability Details

LangChain contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone regular expression when extracting tool actions from model output. An attacker who can supply or influence the parsed text (for example via prompt injection in downstream applications that pass LLM output directly into MRKLOutputParser.parse()) can trigger excessive CPU consumption by providing a crafted payload, causing significant parsing delays and a denial-of-service condition.
Mend Note: The description of this vulnerability differs from MITRE.

Publish Date: 2026-01-12

URL: CVE-2024-58340

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

---

⛑️Automatic Remediation will be attempted for this issue.

[mend-for-github-com]

✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com]

ℹ️ This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-for-github-com]

✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com]

ℹ️ This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.