COOEY // HUBcompliance · community · intelligence

FAIL › dossier

langchain vendor

2
failure events
0
zero-days
2
RCEs
0
on KEV
1
critical
50
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 3 events

DateEventSevFlagsShameSummary
2023-08-05 CVE-2023-36095 critical ⚡RCE 50 An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
2023-08-05 CVE-2023-36095 critical ⚡RCE 50 An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
2026-04-10 CVE-2026-40190 medium ⚡RCE 35 LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK (langsmith) contains an incomplete prototype pollution fix in its internally vendored lodash set() utility. The baseAssignValue() function onl