flowise-components vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-M99R-2HXC-CP3QHighflowise: Flowise has an MCP Security Bypass that Enables RCECVE-2026-41264Criticalflowise: Flowise: CSV Agent Prompt Injection Remote Code Execution VulnerabilityCVE-2026-41265Criticalflowise: Flowise: Airtable_Agent Code Injection Remote Code Execution VulnerabilityCVE-2026-41274Highflowise: Flowise: Cypher Injection in GraphCypherQAChainCVE-2026-41271Highflowise: Flowise: APIChain Prompt Injection SSRF in GET/POST API ChainsCVE-2026-41272Highflowise: Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)CVE-2026-41270Highflowise: Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function SandboxCVE-2026-41268Highflowise: Flowise: Parameter Override Bypass Remote Command ExecutionCVE-2026-41137Criticalflowise: Flowise: Code Injection in CSVAgent leads to Authenticated RCECVE-2026-41138Highflowise: Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using `Pandas`.GHSA-9HRV-GVRV-6GF2Mediumflowise: Flowise Execute Flow function has an SSRF vulnerabilityCVE-2026-43995Mediumflowise: Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)GHSA-W6V6-49GH-MC9WMediumflowise: Flowise: Path Traversal in Vector Store basePathCVE-2026-40933Criticalflowise: Flowise: Authenticated RCE Via MCP AdaptersCVE-2026-31829Highflowise: Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network AccessGHSA-J44M-5V8F-GC9CHighflowise: Flowise is vulnerable to arbitrary file exposure through its ReadFileToolCVE-2025-61913Criticalflowise: Flowise is vulnerable to arbitrary file write through its WriteFileTool CVE-2025-29189Highflowise-components: Flowise Vulnerable to SQL Injection via `tableName` Parameter

Stop the waste.
Protect your environment with Kodem.