Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

FlowiseAI — Vulnerabilities & Security Advisories 43

Browse all 43 CVE security advisories affecting FlowiseAI. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by FlowiseAI:FlowiseFlowiseChatEmbed
CVE IDTitleCVSSSeverityPublished
CVE-2026-41274 Flowise: Cypher Injection in GraphCypherQAChain — FlowiseCWE-943 9.8AICriticalAI2026-04-23
CVE-2026-41264 Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability — FlowiseCWE-184 9.8AICriticalAI2026-04-23
CVE-2026-41265 Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability — FlowiseCWE-77 9.6AICriticalAI2026-04-23
CVE-2026-41279 Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials — FlowiseCWE-639 8.2AIHighAI2026-04-23
CVE-2026-41278 Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs — FlowiseCWE-200 7.5AIHighAI2026-04-23
CVE-2026-41276 Flowise: AccountService resetPassword Authentication Bypass Vulnerability — FlowiseCWE-287 7.4AIHighAI2026-04-23
CVE-2026-41277 Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR) — FlowiseCWE-284 8.8AIHighAI2026-04-23
CVE-2026-41275 Flowise: Password Reset Link Sent Over Unsecured HTTP — FlowiseCWE-319 6.8AIMediumAI2026-04-23
CVE-2026-41273 Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow — FlowiseCWE-306 7.5AIHighAI2026-04-23
CVE-2026-41271 Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains — FlowiseCWE-918 8.6AIHighAI2026-04-23
CVE-2026-41272 Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure) — FlowiseCWE-918 7.1 High2026-04-23
CVE-2026-41270 Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox — FlowiseCWE-284 7.1 High2026-04-23
CVE-2026-41269 Flowise: File Upload Validation Bypass in createAttachment — FlowiseCWE-434 7.1 High2026-04-23
CVE-2026-41268 Flowise: Flowise Parameter Override Bypass Remote Command Execution — FlowiseCWE-20 9.8AICriticalAI2026-04-23
CVE-2026-41267 Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association — FlowiseCWE-639 8.1 High2026-04-23
CVE-2026-41266 Flowise: Sensitive Data Leak in public-chatbotConfig — FlowiseCWE-200 9.1AICriticalAI2026-04-23
CVE-2026-41137 Flowise: Code Injection in CSVAgent leads to Authenticated RCE — FlowiseCWE-94 8.8AIHighAI2026-04-23
CVE-2026-41138 Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. — FlowiseCWE-94 9.8AICriticalAI2026-04-23
CVE-2026-40933 Flowise: Authenticated RCE Via MCP Adapters — FlowiseCWE-78 10.0 Critical2026-04-21
CVE-2026-31829 Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access — FlowiseCWE-918 7.1 High2026-03-10
CVE-2026-30824 Flowise: Missing Authentication on NVIDIA NIM Endpoints — FlowiseCWE-306 10.0 -2026-03-07
CVE-2026-30823 Flowise: IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration — FlowiseCWE-639 8.1 -2026-03-07
CVE-2026-30822 Flowise: Mass Assignment in `/api/v1/leads` Endpoint — FlowiseCWE-915 5.3 -2026-03-07
CVE-2026-30821 Flowise: Arbitrary File Upload via MIME Spoofing — FlowiseCWE-434 9.8 -2026-03-07
CVE-2026-30820 Flowise Authorization Bypass via Spoofed x-request-from Header — FlowiseCWE-863 8.8 -2026-03-07
CVE-2025-34267 Flowise Authenticated Command Execution and Sandbox Bypass via Puppeteer & Playwright Packages — FlowiseCWE-77 9.9AICriticalAI2025-10-14
CVE-2025-61913 Flowise is vulnerable to arbitrary file read, arbitrary file write — FlowiseCWE-22 10.0 Critical2025-10-08
CVE-2025-61687 FlowiseAI/Flosise has File Upload vulnerability — FlowiseCWE-434 8.3 High2025-10-06
CVE-2025-50538 Flowise 安全漏洞 — FlowiseCWE-79 8.2 High2025-10-06
CVE-2025-29192 Flowise 安全漏洞 — FlowiseCWE-79 8.2 High2025-10-06

This page lists every published CVE security advisory associated with FlowiseAI. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.