langchain_core-0.3.18-py3-none-any.whl: 3 vulnerabilities (highest severity is: 9.3) unreachable

[mend-for-github-com]

Vulnerable Library - langchain_core-0.3.18-py3-none-any.whl

Building applications with LLMs through composability

Library home page: https://files.pythonhosted.org/packages/c6/bf/bce8f38fa59038e1d67fbc145eab86c00229e366956191a0a452ee24194e/langchain_core-0.3.18-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260219120409_AEEMWL/python_IKDEBG/20260219120410/langchain_core-0.3.18-py3-none-any.whl

Found in HEAD commit: c2a0de4212c13487918a46a2935ca84031dd91aa

Vulnerabilities

Vulnerability	Severity	CVSS	Exploit Maturity	EPSS	Dependency	Type	Fixed in (langchain_core version)	Remediation Possible**	Reachability
CVE-2025-68664	Critical	9.3	Not Defined	0.0%	langchain_core-0.3.18-py3-none-any.whl	Direct	0.3.81	✅	Unreachable
CVE-2025-65106	High	8.2	Not Defined	0.1%	langchain_core-0.3.18-py3-none-any.whl	Direct	0.3.80	✅	Unreachable
CVE-2026-26013	Low	3.7	Not Defined	0.0%	langchain_core-0.3.18-py3-none-any.whl	Direct	1.2.11	✅	Unreachable

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2025-68664

Vulnerable Library - langchain_core-0.3.18-py3-none-any.whl

Building applications with LLMs through composability

Library home page: https://files.pythonhosted.org/packages/c6/bf/bce8f38fa59038e1d67fbc145eab86c00229e366956191a0a452ee24194e/langchain_core-0.3.18-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260219120409_AEEMWL/python_IKDEBG/20260219120410/langchain_core-0.3.18-py3-none-any.whl

Dependency Hierarchy:

• ❌ langchain_core-0.3.18-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: c2a0de4212c13487918a46a2935ca84031dd91aa

Found in base branch: main

Reachability Analysis

The vulnerable code is unreachable

Vulnerability Details

LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.

Publish Date: 2025-12-23

URL: CVE-2025-68664

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 3 Score Details (9.3)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: Low
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-c67j-w6g6-q2cm

Release Date: 2025-12-23

Fix Resolution: 0.3.81

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2025-65106

Vulnerable Library - langchain_core-0.3.18-py3-none-any.whl

Building applications with LLMs through composability

Library home page: https://files.pythonhosted.org/packages/c6/bf/bce8f38fa59038e1d67fbc145eab86c00229e366956191a0a452ee24194e/langchain_core-0.3.18-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260219120409_AEEMWL/python_IKDEBG/20260219120410/langchain_core-0.3.18-py3-none-any.whl

Dependency Hierarchy:

• ❌ langchain_core-0.3.18-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: c2a0de4212c13487918a46a2935ca84031dd91aa

Found in base branch: main

Reachability Analysis

The vulnerable code is unreachable

Vulnerability Details

LangChain is a framework for building agents and LLM-powered applications. From versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. This issue has been patched in versions 0.3.80 and 1.0.7.

Publish Date: 2025-11-21

URL: CVE-2025-65106

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 3 Score Details (8.2)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: Low
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-6qv9-48xg-fc7f

Release Date: 2025-11-20

Fix Resolution: 0.3.80

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2026-26013

Vulnerable Library - langchain_core-0.3.18-py3-none-any.whl

Building applications with LLMs through composability

Library home page: https://files.pythonhosted.org/packages/c6/bf/bce8f38fa59038e1d67fbc145eab86c00229e366956191a0a452ee24194e/langchain_core-0.3.18-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260219120409_AEEMWL/python_IKDEBG/20260219120410/langchain_core-0.3.18-py3-none-any.whl

Dependency Hierarchy:

• ❌ langchain_core-0.3.18-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: c2a0de4212c13487918a46a2935ca84031dd91aa

Found in base branch: main

Reachability Analysis

The vulnerable code is unreachable

Vulnerability Details

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitrary image_url values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery (SSRF) attacks by providing malicious image URLs in user input. This vulnerability is fixed in 1.2.11.

Publish Date: 2026-02-10

URL: CVE-2026-26013

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 3 Score Details (3.7)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2026-02-10

Fix Resolution: 1.2.11

⛑️ Automatic Remediation will be attempted for this issue.

---

⛑️Automatic Remediation will be attempted for this issue.

[mend-for-github-com]

✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-for-github-com]

ℹ️ This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.