flowise vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-41274 | High | flowise: Flowise: Cypher Injection in GraphCypherQAChain |
| CVE-2026-41275 | High | flowise: Flowise: Password Reset Link Sent Over Unsecured HTTP |
| CVE-2026-41273 | High | flowise: Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow in Flowise |
| CVE-2026-41271 | High | flowise: Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains |
| CVE-2026-41272 | High | flowise: Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure) |
| CVE-2026-41270 | High | flowise: Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox |
| CVE-2026-41269 | High | flowise: Flowise: File Upload Validation Bypass in createAttachment |
| CVE-2026-41268 | High | flowise: Flowise: Parameter Override Bypass Remote Command Execution |
| CVE-2026-41266 | High | flowise: Flowise: Sensitive Data Leak in public-chatbotConfig |
| CVE-2026-41267 | High | flowise: Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization… |
| CVE-2026-41137 | Critical | flowise: Flowise: Code Injection in CSVAgent leads to Authenticated RCE |
| CVE-2026-41138 | High | flowise: Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input… |
| GHSA-9HRV-GVRV-6GF2 | Medium | flowise: Flowise Execute Flow function has an SSRF vulnerability |
| CVE-2026-43995 | Medium | flowise: Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure) |
| GHSA-W6V6-49GH-MC9W | Medium | flowise: Flowise: Path Traversal in Vector Store basePath |
| CVE-2026-56269 | Medium | flowise: Flowise: Weak Default Token Hash Secret |
| GHSA-2QQC-P94C-HXWH | Medium | flowise: Flowise: Weak Default Express Session Secret |
| GHSA-CC4F-HJPJ-G9P8 | Medium | flowise: Flowise: Weak Default JWT Secrets |
| CVE-2026-56270 | Medium | flowise: Flowise: Unauthenticated Information Disclosure of OAuth Secrets (Cleartext) via GET Request |
| CVE-2026-40933 | Critical | flowise: Flowise: Authenticated RCE Via MCP Adapters |
| CVE-2026-31829 | High | flowise: Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network… |
| CVE-2026-30824 | High | flowise: Flowise Missing Authentication on NVIDIA NIM Endpoints |
| CVE-2026-30823 | High | flowise: Flowise has IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration |
| CVE-2026-30822 | High | flowise: Flowise Allows Mass Assignment in `/api/v1/leads` Endpoint |
| CVE-2026-30821 | High | flowise: Flowise has Arbitrary File Upload via MIME Spoofing |
