Threat Intelligence

Live CVE feed

299 threats tracked across 7 launch stacks — sourced from NVD, GHSA, CISA KEV, OSV, npm Audit, and EPSS.

31threats · Critical· page 2/2
Get guardrails →
2 rules

langchain vulnerable to arbitrary code execution

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via the via the a json file to the load_prompt parameter. This is related to __subclasses__ or a template.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →
2 rules

llama-index vulnerable to arbitrary code execution

An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →
2 rules

LangChain vulnerable to arbitrary code execution

An issue in langchain langchain-ai before version 0.0.325 allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.

OWASP A03OWASP LLM
Get guardrail →
2 rules

LangChain vulnerable to arbitrary code execution

An issue in Harrison Chase langchain before version 0.0.236 allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →
2 rules

LangChain vulnerable to arbitrary code execution

An issue in LangChain prior to v.0.0.247 allows a remote attacker to execute arbitrary code via the prompt parameter.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →
2 rules

langchain Code Injection vulnerability

An issue in Harrison Chase langchain allows an attacker to execute arbitrary code via the PALChain,from_math_prompt(llm).run in the python exec method.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →
2 rules

langchain vulnerable to arbitrary code execution

An issue in langchain allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.

OWASP A03OWASP LLM
Get guardrail →
2 rules

langchain arbitrary code execution vulnerability

An issue in langchain allows an attacker to execute arbitrary code via the PALChain in the python exec method.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →
2 rules

Langchain OS Command Injection vulnerability

Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference, a fix is available.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →
2 rules

LangChain vulnerable to code injection

In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec() method.

OWASP A03LLM01 · Prompt InjectionOWASP LLM
Get guardrail →

Showing 2131 of 31 threats