Langsmith Sdk

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-40190 MEDIUM PATCH GHSA This Month

Prototype pollution in LangSmith JavaScript/TypeScript SDK (langsmith) versions prior to 0.5.18 allows remote attackers to pollute Object.prototype via the createAnonymizer() API by supplying malicious constructor.prototype keys, bypassing an incomplete __proto__ filter. The vulnerability affects all objects in the Node.js process and can lead to information disclosure and integrity violations. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Node.js Prototype Pollution Langsmith Sdk
NVD GitHub
CVSS 3.1
5.6
EPSS
0.0%
CVE-2026-40190
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Prototype pollution in LangSmith JavaScript/TypeScript SDK (langsmith) versions prior to 0.5.18 allows remote attackers to pollute Object.prototype via the createAnonymizer() API by supplying malicious constructor.prototype keys, bypassing an incomplete __proto__ filter. The vulnerability affects all objects in the Node.js process and can lead to information disclosure and integrity violations. No public exploit code or active exploitation has been confirmed at time of analysis.

Information Disclosure Node.js Prototype Pollution +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy