Security Disclosures

CVEs and responsible disclosures.

MCP Python SDK — Streamable HTTP Transport DoS
MCP Python SDK <1.10.0 2025

Triggering an exception after establishing a streamable HTTP session causes uncaught ClosedResourceError, crashing the server.

MCP Python SDK — FastMCP Server Validation DoS
MCP Python SDK <1.9.4 2025

Malformed JSON-RPC requests cause unhandled validation exceptions, resulting in 500 errors and service unavailability.

PandasAI — Prompt Injection to RCE
PandasAI ≤2.4.3 2024 VU#148244

Prompt injection bypasses restrictions on module imports, jailbreak protections, and allowlists to achieve arbitrary Python code execution.

w/ Joe Lucas, Becca Lynch, John Irwin, Kai Greshake
LangChain — RCE via llm_math
LangChain <0.0.141 CVSS 9.8 2023

The llm_math chain enables remote code execution through the Python interpreter via prompt injection. Co-discovered with others.

LangChain — SSRF via APIChain
LangChain ≤0.0.193 2023

The APIChain.from_llm_and_api_docs chain enables server-side request forgery through prompt injection.

LangChain — SQL Injection via SQLDatabaseChain
LangChain ≤0.0.193 2023

The SQLDatabaseChain enables SQL injection attacks through prompt injection.

No CVE
Marvel Snap — OIDC Redirect Misconfiguration
Second Dinner / Nuverse 2025

OAuth2/OIDC flow permitted localhost as authorized redirect URI, enabling account takeover via social engineering.