Update dependency langchain-core to v1 #30
Security Report
❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.
Scan Details Report
pip
/tmp/ws-scm/AutoPrompt/requirements.txt
| Step | Level | Description | Details |
|---|---|---|---|
| Resolving the project | ⚠Warn | Some problems occurred while performing the resolution operation |
|
❌ New vulnerabilities:
| Vulnerability | Severity | Exploit Maturity | EPSS | Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability | |
|---|---|---|---|---|---|---|---|---|---|
CVE-2025-68664Path to dependency file: /requirements.txt Path to vulnerable library: /tmp/ws-ua_20260211121145_MKOAKR/python_SYRRZC/20260211121145/19/langchain_core-0.3.63-py3-none-any.whl,/tmp/ws-ua_20260211121145_MKOAKR/python_SYRRZC/20260211121145/6/langchain_core-0.3.63-py3-none-any.whl Dependency Hierarchy: -> ❌ langchain_core-0.3.63-py3-none-any.whl (Vulnerable Library) |
9.3 | Not Defined | 0.0% | Direct langchain_core-0.3.63-py3-none-any.whl |
langchain_core-0.3.63-py3-none-any.whl | 0.3.81 | None | ||
CVE-2026-0994Path to dependency file: /requirements.txt Path to vulnerable library: /tmp/ws-ua_20260211121145_MKOAKR/python_SYRRZC/20260211121145/20/protobuf-5.29.6-cp38-abi3-manylinux2014_x86_64.whl,/tmp/ws-ua_20260211121145_MKOAKR/python_SYRRZC/20260211121145/11/protobuf-5.29.6-cp38-abi3-manylinux2014_x86_64.whl Dependency Hierarchy: -> ❌ protobuf-5.29.6-cp38-abi3-manylinux2014_x86_64.whl (Vulnerable Library) |
8.6 | Not Defined | 0.0% | Direct protobuf-5.29.6-cp38-abi3-manylinux2014_x86_64.whl |
protobuf-5.29.6-cp38-abi3-manylinux2014_x86_64.whl | 6.33.5 | None | ||
CVE-2025-65106Path to dependency file: /requirements.txt Path to vulnerable library: /tmp/ws-ua_20260211121145_MKOAKR/python_SYRRZC/20260211121145/19/langchain_core-0.3.63-py3-none-any.whl,/tmp/ws-ua_20260211121145_MKOAKR/python_SYRRZC/20260211121145/6/langchain_core-0.3.63-py3-none-any.whl Dependency Hierarchy: -> ❌ langchain_core-0.3.63-py3-none-any.whl (Vulnerable Library) |
8.2 | Not Defined | 0.1% | Direct langchain_core-0.3.63-py3-none-any.whl |
langchain_core-0.3.63-py3-none-any.whl | 0.3.80 | None | ||
CVE-2025-6985Path to dependency file: /requirements.txt Path to vulnerable library: /tmp/ws-ua_20260211121145_MKOAKR/python_SYRRZC/20260211121145/19/langchain_text_splitters-0.3.8-py3-none-any.whl,/tmp/ws-ua_20260211121145_MKOAKR/python_SYRRZC/20260211121145/6/langchain_text_splitters-0.3.8-py3-none-any.whl Dependency Hierarchy: -> ❌ langchain_text_splitters-0.3.8-py3-none-any.whl (Vulnerable Library) |
7.5 | Not Defined | 0.8% | Direct langchain_text_splitters-0.3.8-py3-none-any.whl |
langchain_text_splitters-0.3.8-py3-none-any.whl | 0.3.9 | None | ||
CVE-2026-25528Path to dependency file: /requirements.txt Path to vulnerable library: /tmp/ws-ua_20260211121145_MKOAKR/python_SYRRZC/20260211121145/18/langsmith-0.4.37-py3-none-any.whl,/tmp/ws-ua_20260211121145_MKOAKR/python_SYRRZC/20260211121145/17/langsmith-0.4.37-py3-none-any.whl,/tmp/ws-ua_20260211121145_MKOAKR/python_SYRRZC/20260211121145/20/langsmith-0.4.37-py3-none-any.whl Dependency Hierarchy: -> ❌ langsmith-0.4.37-py3-none-any.whl (Vulnerable Library) |
5.8 | Not Defined | Direct langsmith-0.4.37-py3-none-any.whl |
langsmith-0.4.37-py3-none-any.whl | langsmith - 0.4.6,langsmith - 0.6.3 | None | |||
| 3.7 | Not Defined | Direct langchain_core-0.3.83-py3-none-any.whl |
langchain_core-0.3.83-py3-none-any.whl | 1.2.11 | None | ||||
CVE-2026-26013Path to dependency file: /requirements.txt Path to vulnerable library: /tmp/ws-ua_20260211121145_MKOAKR/python_SYRRZC/20260211121145/19/langchain_core-0.3.63-py3-none-any.whl,/tmp/ws-ua_20260211121145_MKOAKR/python_SYRRZC/20260211121145/6/langchain_core-0.3.63-py3-none-any.whl Dependency Hierarchy: -> ❌ langchain_core-0.3.63-py3-none-any.whl (Vulnerable Library) |
3.7 | Not Defined | Direct langchain_core-0.3.63-py3-none-any.whl |
langchain_core-0.3.63-py3-none-any.whl | 1.2.11 | None |
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-2025-65106 | langchain_core-0.3.18-py3-none-any.whl |
| CVE-2026-23490 | pyasn1-0.6.1.tar.gz |
| CVE-2025-68664 | langchain_core-0.3.18-py3-none-any.whl |
| CVE-2026-0994 | protobuf-5.29.5-cp38-abi3-manylinux2014_x86_64.whl |
| CVE-2025-6985 | langchain_text_splitters-0.3.2-py3-none-any.whl |
| CVE-2026-26013 | langchain_core-0.3.18-py3-none-any.whl |
Base branch total remaining vulnerabilities: 56
Base branch commit: 9a3bca3149e37f94e2272edbe947577b6db1eebc
Total libraries scanned: 172
Scan token: 06ec1290d46c47349011b260b62f9ed3