flowise vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-30820 | High | flowise: Flowise has Authorization Bypass via Spoofed x-request-from Header |
| GHSA-JC5M-WRP2-QQ38 | Medium | flowise: Flowise Vulnerable to PII Disclosure on Unauthenticated Forgot Password Endpoint |
| CVE-2026-56272 | Medium | flowise: Flowise has Insufficient Password Salt Rounds |
| GHSA-V5W9-PRXF-W882 | High | flowise: Flowise has Authentication Bypass Using Unprotected Registration Endpoint (/register) |
| GHSA-X7RP-QJ2H-GHGW | High | flowise: Flowise Fails to Invalidate Existing Sessions After Password Changes |
| CVE-2025-34267 | High | flowise: Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages |
| GHSA-J44M-5V8F-GC9C | High | flowise: Flowise is vulnerable to arbitrary file exposure through its ReadFileTool |
| CVE-2025-61913 | Critical | flowise: Flowise is vulnerable to arbitrary file write through its WriteFileTool |
| CVE-2025-61687 | High | flowise: FlowiseAI/Flosise has File Upload vulnerability |
| CVE-2025-55346 | Critical | flowise: Flowise vulnerable to RCE via Dynamic function constructor injection |
| CVE-2025-29192 | Medium | flowise: Flowise Stored XSS vulnerability through logs in chatbot |
| CVE-2025-50538 | Critical | flowise: Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin… |
| GHSA-4FR9-3X69-36WV | Medium | flowise: Flowise vulnerable to XSS |
| GHSA-6933-JPX5-Q87Q | High | flowise: Flowise has unsandboxed remote code execution via Custom MCP |
| GHSA-Q67Q-549Q-P849 | Critical | flowise: Flowise has arbitrary file access due to missing chat flow id validation |
| GHSA-99PG-HQVX-R4GF | Critical | flowise: Flowise has an Arbitrary File Read |
| CVE-2025-59528 | Critical | flowise: Flowise has Remote Code Execution vulnerability |
| CVE-2025-59527 | High | flowise: FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability |
| CVE-2025-57164 | Critical | flowise: FlowiseAI Pre-Auth Arbitrary Code Execution |
| CVE-2025-58434 | Critical | flowise: Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads… |
| CVE-2025-8943 | Critical | flowise: Flowise OS command remote code execution |
| CVE-2025-71332 | Medium | flowise: FlowiseDB vulnerable to SQL Injection by authenticated users |
| GHSA-8VVX-QVQ9-5948 | Critical | flowise: Flowise allows arbitrary file write to RCE |
| GHSA-H42X-XX2Q-6V6G | Critical | flowise: Flowise Pre-auth Arbitrary File Upload |
| CVE-2025-26319 | High | flowise: FlowiseAI Flowise arbitrary file upload vulnerability |
