PyPi: Langchain-Community

CVE-2024-5998

Safety vulnerability ID: 73298

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 17, 2024 Updated at Aug 27, 2025

Scan your Python projects for vulnerabilities →

Advisory

Affected versions of the langchain package are vulnerable to Deserialization of Untrusted Data due to unsafe pickle deserialization in the FAISS vector store implementation. The FAISS.deserialize_from_bytes function directly deserializes pickle data without proper validation, allowing arbitrary Python objects to be reconstructed and executed during the deserialization process.

Affected package

langchain-community

Latest version: 0.3.29

Community contributed LangChain integrations.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.8

CVSS v3 Details

HIGH 7.8

Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Availability (A): HIGH