Nick StocksLangChain and LangGraph just had three CVEs disclosed simultaneously. The vulnerability classes: path traversal (CWE-22), deserialization of untrusted data (CWE-502), and SQL injection (CWE-89).
These are the same bugs the web security community spent two decades building framework-level protections against. The AI framework ecosystem hasn't inherited those defences yet.
84 million combined weekly downloads. Patch now.