flowise vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-56268 | Medium | flowise: Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected… |
| GHSA-59FH-9F3P-7M39 | Medium | flowise: Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash… |
| GHSA-M837-XVXR-VQWG | Medium | flowise: Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any… |
| CVE-2026-46480 | High | flowise: FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover |
| CVE-2026-46479 | High | flowise: FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover |
| CVE-2026-46478 | High | flowise: FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover |
| CVE-2026-46477 | High | flowise: FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover |
| CVE-2026-46476 | High | flowise: FlowiseAI: CustomTemplate create+update mass-assignment allows cross-workspace template takeover |
| CVE-2026-46475 | High | flowise: FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover |
| CVE-2026-46444 | High | flowise: FlowiseAI: Vector Store No Permission Checks |
| CVE-2026-46443 | High | flowise: FlowiseAI Vulnerable to Credential Data Leak |
| CVE-2026-46442 | Critical | flowise: FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape |
| CVE-2026-46441 | High | flowise: FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource… |
| GHSA-M99R-2HXC-CP3Q | High | flowise: Flowise has an MCP Security Bypass that Enables RCE |
| CVE-2026-46440 | High | flowise: FlowiseAI Exposes Basic Auth Credentials via API |
| CVE-2026-42863 | High | flowise: FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow… |
| CVE-2026-42862 | High | flowise: FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource… |
| CVE-2026-42861 | High | flowise: FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource… |
| CVE-2026-8026 | Medium | flowise: Flowise: Bcrypt Password Hash Exposure |
| CVE-2026-41264 | Critical | flowise: Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability |
| CVE-2026-41265 | Critical | flowise: Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability |
| CVE-2026-41279 | High | flowise: Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse… |
| CVE-2026-41278 | High | flowise: Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys,… |
| CVE-2026-41277 | High | flowise: Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover… |
| CVE-2026-41276 | High | flowise: Flowise: resetPassword Authentication Bypass Vulnerability |