Latest version: v2.60.2
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| CVE-2024-55565 | 74955 |
Langfuse has updated the nanoid dependency to version 3.3.8 across mu… |
|
- | - |
| PVE-2025-75619 | 75619 |
Security Fix for Langfuse 3.28.1 | Security upgrades for DOMPurify an… |
|
- | - |
| CVE-2025-23207 | 75139 |
Langfuse upgrades katex to ^0.16.21 in package.json and web/package.j… |
|
- | - |
| CVE-2025-27152 | 75964 |
Langfuse upgrades its axios dependency to 1.8.2 due to the CVE-2025-2… |
|
- | - |
| PVE-2025-75618 | 75618 |
Security Fix for Langfuse 2.95.3 | Security upgrade of jsonpath-plus … |
|
- | - |
| PVE-2025-75620 | 75620 |
Security Fix for Langfuse 2.95.2 | DOMPurify library upgrade to addre… |
|
- | - |
| CVE-2024-56332 | 74956 |
Langfuse has updated the next dependency from version 14.2.15 to 14.2… |
|
- | - |
| CVE-2023-48309 | 74718 |
Langfuse 2.93.5 upgrades the next-auth dependency from ^4.24.7 to ^4.… |
|
MEDIUM | 5.3 |
| PVE-2024-73564 | 73564 |
Langfuse affected versions are vulnerable to Open Redirect (CWE-601).… |
|
- | - |
| PVE-2024-65269 | 65269 |
Langfuse version 2.1.0 updates its nodemailer dependency to 6.9.9 fro… |
|
- | - |