pkg:npm/flowise

64 total CVEs: CRITICAL 11, HIGH 27, MEDIUM 5, LOW 1

All known vulnerabilities

  • CVE-2025-59528 [CRITICAL 10.0] Flowise has Remote Code Execution vulnerability
    >= 3.0.5, < 3.0.6
  • CVE-2026-40933 [CRITICAL 9.9] Flowise: Authenticated RCE Via MCP Adapters
    from 0, < 3.1.0
  • CVE-2026-41264 [CRITICAL 9.8] Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability
    from 0, < 3.1.0
  • CVE-2026-41265 [CRITICAL 9.8] Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability
    from 0, < 3.1.0
  • CVE-2026-41276 [CRITICAL 9.8] Flowise: resetPassword Authentication Bypass Vulnerability
    from 0, < 3.1.0
  • CVE-2025-55346 [CRITICAL 9.8] Flowise vulnerable to RCE via Dynamic function constructor injection
    from 0, <= 2.2.7-patch.1
  • CVE-2025-58434 [CRITICAL 9.8] Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
    from 0, < 3.0.6
  • CVE-2025-8943 [CRITICAL 9.8] Flowise OS command remote code execution
    from 0, <= 3.0.5
  • CVE-2024-9148 [CRITICAL 9.6] Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting
    from 0, < 2.1.1
  • CVE-2025-50538 [CRITICAL 9.3] Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel
    from 0, < 3.0.8
  • CVE-2025-57164 [CRITICAL 9.1] FlowiseAI Pre-Auth Arbitrary Code Execution
    >= 3.0.5, < 3.0.6
  • CVE-2026-41277 [HIGH 8.8] Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)
    from 0, < 3.1.0
  • CVE-2026-41137 [HIGH 8.8] Flowise: Code Injection in CSVAgent leads to Authenticated RCE
    from 0, < 3.1.0
  • CVE-2026-30823 [HIGH 8.8] Flowise has IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration
    from 0, < 3.0.13
  • CVE-2026-41138 [HIGH 8.3] Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using `Pandas`
    from 0, < 3.1.0
  • CVE-2025-61687 [HIGH 8.3] FlowiseAI/Flowise has File Upload vulnerability
    >= 3.0.7, < 3.0.8
  • CVE-2026-41273 [HIGH 8.2] Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow in Flowise
    from 0, < 3.1.0
  • CVE-2026-41267 [HIGH 8.1] Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association
    from 0, < 3.1.0
  • CVE-2026-41268 [HIGH 7.7] Flowise: Parameter Override Bypass Remote Command Execution
    from 0, < 3.1.0
  • CVE-2026-30822 [HIGH 7.7] Flowise Allows Mass Assignment in `/api/v1/leads` Endpoint
    from 0, < 3.0.13
  • CVE-2025-61913 [HIGH 7.7] Flowise is vulnerable to arbitrary file write through its WriteFileTool
    from 0, < 3.0.8
  • CVE-2024-31621 [HIGH 7.6] Flowise vulnerable to code injection via api/v1
    from 0, < 1.8.1
  • CVE-2026-46440 [HIGH 7.5] FlowiseAI Exposes Basic Auth Credentials via API
    from 0, < 3.1.2
  • CVE-2026-41279 [HIGH 7.5] Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs, enables API credit abuse via stored credentials
    from 0, < 3.1.0
  • CVE-2026-41278 [HIGH 7.5] Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs
    from 0, < 3.1.0
  • CVE-2026-41275 [HIGH 7.5] Flowise: Password Reset Link Sent Over Unsecured HTTP
    from 0, < 3.1.0
  • CVE-2026-41266 [HIGH 7.5] Flowise: Sensitive Data Leak in public-chatbotConfig
    from 0, < 3.1.0
  • CVE-2025-59527 [HIGH 7.5] FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
    >= 3.0.5, < 3.0.6
  • CVE-2024-8182 [HIGH 7.5] Flowise Unauthenticated Denial of Service (DoS) vulnerability
    from 0, <= 1.8.2
  • CVE-2024-36421 [HIGH 7.5] Flowise CORS Misconfiguration in packages/server/src/index.ts
    from 0, <= 1.4.3
  • CVE-2024-36420 [HIGH 7.5] Flowise Path Injection at /api/v1/openai-assistants-file
    from 0, <= 1.4.3
  • CVE-2024-8181 [HIGH 7.3] Flowise Authentication Bypass vulnerability
    from 0, <= 1.8.2
  • CVE-2026-41271 [HIGH 7.1] Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains
    from 0, < 3.1.0
  • CVE-2026-41272 [HIGH 7.1] Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)
    from 0, < 3.1.0
  • CVE-2026-41270 [HIGH 7.1] Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox
    from 0, < 3.1.0
  • CVE-2026-41269 [HIGH 7.1] Flowise: File Upload Validation Bypass in createAttachment
    from 0, < 3.1.0
  • CVE-2026-31829 [HIGH 7.1] Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access
    from 0, < 3.0.13
  • CVE-2024-36423 [MEDIUM 6.1] Flowise Cross-site Scripting in /api/v1/public-chatflows/id
    from 0, <= 1.4.3
  • CVE-2024-37145 [MEDIUM 6.1] Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id
    from 0, <= 1.4.3
  • CVE-2024-36422 [MEDIUM 6.1] Flowise Cross-site Scripting in api/v1/chatflows/id
    from 0, <= 1.4.3
  • CVE-2024-37146 [MEDIUM 6.1] Flowise Cross-site Scripting in /api/v1/credentials/id
    from 0, <= 1.4.3
  • CVE-2025-29192 [MEDIUM 5.3] Flowise Stored XSS vulnerability through logs in chatbot
    from 0, < 3.0.5
  • CVE-2026-8026 [LOW 3.7] Flowise: Bcrypt Password Hash Exposure
    from 0, <= 3.0.12
  • CVE-2026-46480 FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover
    from 0, < 3.1.2
  • CVE-2026-46479 FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover
    from 0, < 3.1.2
  • CVE-2026-46478 FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover
    from 0, < 3.1.2
  • CVE-2026-46477 FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover
    from 0, < 3.1.2
  • CVE-2026-46476 FlowiseAI: CustomTemplate create+update mass-assignment allows cross-workspace template takeover
    from 0, < 3.1.2
  • CVE-2026-46475 FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover
    from 0, < 3.1.2
  • CVE-2026-46444 FlowiseAI: Vector Store No Permission Checks
    from 0, < 3.1.2
  • CVE-2026-46443 FlowiseAI Vulnerable to Credential Data Leak
    from 0, < 3.1.2
  • CVE-2026-46442 FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape
    from 0, < 3.1.2
  • CVE-2026-46441 FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment
    from 0, < 3.1.2
  • CVE-2026-42863 FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment
    from 0, < 3.1.2
  • CVE-2026-42862 FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment
    from 0, < 3.1.2
  • CVE-2026-42861 FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment
    from 0, < 3.1.2
  • CVE-2026-41274 Flowise: Cypher Injection in GraphCypherQAChain
    from 0, < 3.1.0
  • CVE-2026-43995 Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)
    from 0, < 3.1.0
  • CVE-2026-30824 Flowise Missing Authentication on NVIDIA NIM Endpoints
    from 0, < 3.0.13
  • CVE-2026-30821 Flowise has Arbitrary File Upload via MIME Spoofing
    from 0, < 3.0.13
  • CVE-2026-30820 Flowise has Authorization Bypass via Spoofed x-request-from Header
    from 0, < 3.0.13
  • CVE-2025-34267 Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages
    >= 3.0.1, < 3.0.8
  • CVE-2025-26319 FlowiseAI Flowise arbitrary file upload vulnerability
    from 0, <= 2.2.6