SCA: security update for langgraph-checkpoint-sqlite (GHSA-7p73-8jqx-23r8)

high Tenable Cloud Security Plugin ID 435874

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- LangGraph SQLite Checkpoint is an implementation of the LangGraph CheckpointSaver that uses a SQLite database (both sync and async, via aiosqlite). Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities caused by building queries through direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. This vulnerability is fixed in 2.0.11. (CVE-2025-64104)

See Also

https://github.com/advisories/GHSA-7p73-8jqx-23r8

Plugin Details

Severity: High

ID: 435874

Version: Revision 1.7

Type: Local

Family: SCA Checks

Published: 10/30/2025

Updated: 6/1/2026

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 5.2

Temporal Score: 3.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:P/A:N

CVSS Score Source: CVE-2025-64104

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 10/29/2025

Vulnerability Publication Date: 10/29/2025

Reference Information

CVE: CVE-2025-64104

CWE: CWE-89