OsVault/npm/langsmith
npm

langsmith

5 known vulnerabilities · 0 critical · 0 high

CVE-2026-25528

LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection

Published Feb 9, 2026
GHSA-fw9q-39r9-c252

LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`

Published Apr 10, 2026
GHSA-rr7j-v2q5-chgv

LangSmith SDK: Streaming token events bypass output redaction

Published Apr 16, 2026
GHSA-3644-q5cj-c5c7

LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

Published May 13, 2026
MAL-2026-5953

Malicious code in @mastra/langsmith (npm)

Published Jun 17, 2026
Check your entire dependency tree at onceRun dependency scan →