{"data":{"slug":"hwchase17-notion-qa","name":"notion-qa","trust":{"provenance":{"is_fork":false,"github_id":562678926,"owner_type":"User","methodology":"github_public_v1","parent_repo":null,"near_duplicate_slugs":[]},"computed_at":"2026-07-11T10:50:44.590Z","maintenance":{"label":"Dormant","score":18,"methodology":"github_public_v1","releases_90d":0,"days_since_push":673,"last_release_at":null},"security_summary":{"status":"findings","scanner":"osv@v1","low_count":22,"high_count":4,"last_scan_at":"2026-07-11T10:50:45.477Z","medium_count":3,"scan_profile":"deps","critical_count":11}},"findings":[{"id":"GHSA-2qmj-7962-cjq8","severity":"critical","title":"langchain arbitrary code execution vulnerability","package":"langchain@0.0.170","cve":"CVE-2023-36258","location":"requirements.txt"},{"id":"GHSA-3644-q5cj-c5c7","severity":"high","title":"LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning","package":"langchain@0.0.170","cve":"CVE-2026-45134","location":"requirements.txt"},{"id":"GHSA-3hjh-jh2h-vrg6","severity":"medium","title":"Denial of service in langchain-community","package":"langchain@0.0.170","cve":"CVE-2024-2965","location":"requirements.txt"},{"id":"GHSA-45pg-36p6-83v9","severity":"low","title":"Langchain SQL Injection vulnerability","package":"langchain@0.0.170","cve":"CVE-2024-8309","location":"requirements.txt"},{"id":"GHSA-57fc-8q82-gfp3","severity":"critical","title":"langchain vulnerable to arbitrary code execution","package":"langchain@0.0.170","cve":"CVE-2023-36188","location":"requirements.txt"},{"id":"GHSA-655w-fm8m-m478","severity":"high","title":"LangChain Server Side Request Forgery vulnerability","package":"langchain@0.0.170","cve":"CVE-2023-46229","location":"requirements.txt"},{"id":"GHSA-6643-h7h5-x9wh","severity":"critical","title":"Langchain vulnerable to arbitrary code execution","package":"langchain@0.0.170","cve":"CVE-2023-34541","location":"requirements.txt"},{"id":"GHSA-6h8p-4hx9-w66c","severity":"high","title":"Langchain Server-Side Request Forgery vulnerability","package":"langchain@0.0.170","cve":"CVE-2023-32786","location":"requirements.txt"},{"id":"GHSA-7gfq-f96f-g85j","severity":"critical","title":"langchain vulnerable to arbitrary code execution","package":"langchain@0.0.170","cve":"CVE-2023-36281","location":"requirements.txt"},{"id":"GHSA-7q94-qpjr-xpgm","severity":"high","title":"langchain SQL Injection vulnerability","package":"langchain@0.0.170","cve":"CVE-2023-36189","location":"requirements.txt"},{"id":"GHSA-8h5w-f6q9-wg35","severity":"critical","title":"Langchain SQL Injection vulnerability","package":"langchain@0.0.170","cve":"CVE-2023-32785","location":"requirements.txt"},{"id":"GHSA-92j5-3459-qgp4","severity":"critical","title":"LangChain vulnerable to arbitrary code execution","package":"langchain@0.0.170","cve":"CVE-2023-38896","location":"requirements.txt"},{"id":"GHSA-f73w-4m7g-ch9x","severity":"critical","title":"Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library","package":"langchain@0.0.170","cve":"CVE-2023-39631","location":"requirements.txt"},{"id":"GHSA-fj32-q626-pjjc","severity":"critical","title":"LangChain vulnerable to arbitrary code execution","package":"langchain@0.0.170","cve":"CVE-2023-38860","location":"requirements.txt"},{"id":"GHSA-gr75-jv2w-4656","severity":"medium","title":"LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders","package":"langchain@0.0.170","cve":"CVE-2026-55443","location":"requirements.txt"},{"id":"GHSA-gwqq-6vq7-5j86","severity":"critical","title":"langchain Code Injection vulnerability","package":"langchain@0.0.170","cve":"CVE-2023-36095","location":"requirements.txt"},{"id":"GHSA-h59x-p739-982c","severity":"low","title":"LangChain directory traversal vulnerability","package":"langchain@0.0.170","cve":"CVE-2024-28088","location":"requirements.txt"},{"id":"GHSA-h9j7-5xvc-qhg5","severity":"low","title":"langchain Server-Side Request Forgery vulnerability","package":"langchain@0.0.170","cve":"CVE-2024-0243","location":"requirements.txt"},{"id":"GHSA-prgp-w7vf-ch62","severity":"critical","title":"LangChain vulnerable to arbitrary code execution","package":"langchain@0.0.170","cve":"CVE-2023-39659","location":"requirements.txt"},{"id":"GHSA-rgp8-pm28-3759","severity":"medium","title":"langchain vulnerable to path traversal","package":"langchain@0.0.170","cve":"CVE-2024-3571","location":"requirements.txt"},{"id":"GHSA-x32c-59v5-h7fg","severity":"critical","title":"Langchain OS Command Injection vulnerability","package":"langchain@0.0.170","cve":"CVE-2023-34540","location":"requirements.txt"},{"id":"PYSEC-2023-109","severity":"low","title":"PYSEC-2023-109","package":"langchain@0.0.170","cve":"CVE-2023-36188","location":"requirements.txt"},{"id":"PYSEC-2023-110","severity":"low","title":"PYSEC-2023-110","package":"langchain@0.0.170","cve":"CVE-2023-36189","location":"requirements.txt"},{"id":"PYSEC-2023-138","severity":"low","title":"PYSEC-2023-138","package":"langchain@0.0.170","cve":"CVE-2023-36095","location":"requirements.txt"},{"id":"PYSEC-2023-145","severity":"low","title":"PYSEC-2023-145","package":"langchain@0.0.170","cve":"CVE-2023-38860","location":"requirements.txt"},{"id":"PYSEC-2023-146","severity":"low","title":"PYSEC-2023-146","package":"langchain@0.0.170","cve":"CVE-2023-38896","location":"requirements.txt"},{"id":"PYSEC-2023-147","severity":"low","title":"PYSEC-2023-147","package":"langchain@0.0.170","cve":"CVE-2023-39659","location":"requirements.txt"},{"id":"PYSEC-2023-151","severity":"low","title":"PYSEC-2023-151","package":"langchain@0.0.170","cve":"CVE-2023-36281","location":"requirements.txt"},{"id":"PYSEC-2023-162","severity":"low","title":"PYSEC-2023-162","package":"langchain@0.0.170","cve":"CVE-2023-39631","location":"requirements.txt"},{"id":"PYSEC-2023-205","severity":"low","title":"PYSEC-2023-205","package":"langchain@0.0.170","cve":"CVE-2023-46229","location":"requirements.txt"},{"id":"PYSEC-2023-91","severity":"low","title":"PYSEC-2023-91","package":"langchain@0.0.170","cve":"CVE-2023-34540","location":"requirements.txt"},{"id":"PYSEC-2023-92","severity":"low","title":"PYSEC-2023-92","package":"langchain@0.0.170","cve":"CVE-2023-34541","location":"requirements.txt"},{"id":"PYSEC-2023-98","severity":"low","title":"PYSEC-2023-98","package":"langchain@0.0.170","cve":"CVE-2023-36258","location":"requirements.txt"},{"id":"PYSEC-2024-118","severity":"low","title":"PYSEC-2024-118","package":"langchain@0.0.170","cve":"CVE-2024-2965","location":"requirements.txt"},{"id":"PYSEC-2024-43","severity":"low","title":"PYSEC-2024-43","package":"langchain@0.0.170","cve":"CVE-2024-28088","location":"requirements.txt"},{"id":"PYSEC-2026-1507","severity":"low","title":"Langchain SQL Injection vulnerability","package":"langchain@0.0.170","cve":"CVE-2024-8309","location":"requirements.txt"},{"id":"PYSEC-2026-1508","severity":"low","title":"Langchain Server-Side Request Forgery vulnerability","package":"langchain@0.0.170","cve":"CVE-2023-32786","location":"requirements.txt"},{"id":"PYSEC-2026-1509","severity":"low","title":"langchain Server-Side Request Forgery vulnerability","package":"langchain@0.0.170","cve":"CVE-2024-0243","location":"requirements.txt"},{"id":"PYSEC-2026-1510","severity":"low","title":"langchain vulnerable to path traversal","package":"langchain@0.0.170","cve":"CVE-2024-3571","location":"requirements.txt"},{"id":"PYSEC-2026-372","severity":"low","title":"Langchain SQL Injection vulnerability","package":"langchain@0.0.170","cve":"CVE-2023-32785","location":"requirements.txt"}],"methodology":"github_public_v1"}}