langgenius — Vulnerabilities & Security Advisories 30

Browse all 30 CVE security advisories affecting langgenius. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by langgenius: dify, langgenius/dify
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34082 | Dify has IDOR in deleting someone else's chat conversation | dify | CWE-863 | 4.3 (AI) | Medium (AI) | 2026-04-20 |
| CVE-2026-6619 | langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting | dify | CWE-79 | 3.5 | Low | 2026-04-20 |
| CVE-2026-6618 | langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery | dify | CWE-918 | 6.3 | Medium | 2026-04-20 |
| CVE-2026-6617 | langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery | dify | CWE-918 | 6.3 | Medium | 2026-04-20 |
| CVE-2026-21866 | Dify - Stored XSS in chat | dify | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-03 |
| CVE-2026-28288 | Dify has a user enumeration issue | dify | CWE-204 | 5.3 | - | 2026-02-27 |
| CVE-2026-26023 | Client‑side DOM XSS in the web chat app of Dify when using echarts | dify | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-11 |
| CVE-2025-67732 | Dify Vulnerable to Plaintext API Key Exposure via Model Provider Configuration Endpoint | dify | CWE-200 | 5.4 | - | 2026-01-05 |
| CVE-2025-11750 | User Enumeration via Distinct Error Messages in langgenius/dify-web | langgenius/dify | CWE-544 | 8.2 (AI) | High (AI) | 2025-10-22 |
| CVE-2025-58747 | Dify MCP OAuth Flow Vulnerable to XSS | dify | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-17 |
| CVE-2025-59422 | Dify Has Broken Access Control on Log Message Endpoint Allows Reading of Chats of Others | dify | CWE-284 | 4.3 (AI) | Medium (AI) | 2025-09-25 |
| CVE-2025-3467 | XSS Vulnerability in langgenius/dify | langgenius/dify | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-07-07 |
| CVE-2025-3466 | Unsanitized Input in langgenius/dify | langgenius/dify | CWE-1100 | 9.8 (AI) | Critical (AI) | 2025-07-07 |
| CVE-2025-49149 | Dify has XSS vulnerability | dify | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-06-17 |
| CVE-2025-43854 | DIFY vulnerable to Clickjacking Attack | dify | CWE-1021 | 6.1 (AI) | Medium (AI) | 2025-04-28 |
| CVE-2025-43862 | Dify Allows Unauthorized Access and Modification of APP Orchestration | dify | CWE-284 | 7.6 | High | 2025-04-25 |
| CVE-2025-32796 | Dify Allows Unauthorized APP Enable/Disable via API | dify | CWE-284 | 6.5 | Medium | 2025-04-18 |
| CVE-2025-32795 | Dify Allows Insecure User Role Access Control for APP Editing | dify | CWE-284 | 6.5 | Medium | 2025-04-18 |
| CVE-2025-32790 | Dify Allows Insecure User Role Access Control for APP DSL Exporting | dify | CWE-284 | 6.3 | Medium | 2025-04-18 |
| CVE-2025-0184 | Server-Side Request Forgery (SSRF) in langgenius/dify | langgenius/dify | CWE-918 | 9.1 | - | 2025-03-20 |
| CVE-2024-11850 | Stored XSS in langgenius/dify | langgenius/dify | CWE-79 | 5.4 | - | 2025-03-20 |
| CVE-2024-12776 | Authentication Bypass in langgenius/dify | langgenius/dify | CWE-305 | 9.8 | - | 2025-03-20 |
| CVE-2024-10252 | Code Injection in langgenius/dify | langgenius/dify | CWE-94 | 9.8 | - | 2025-03-20 |
| CVE-2024-12039 | Improper Restriction of Excessive Authentication Attempts in langgenius/dify | langgenius/dify | CWE-307 | 9.8 | - | 2025-03-20 |
| CVE-2024-12775 | SSRF in langgenius/dify | langgenius/dify | CWE-918 | 9.1 | - | 2025-03-20 |
| CVE-2024-11822 | Server-Side Request Forgery (SSRF) in langgenius/dify | langgenius/dify | CWE-918 | 7.5 | - | 2025-03-20 |
| CVE-2025-0185 | Pandas Query Injection in langgenius/dify | langgenius/dify | CWE-94 | 9.8 | - | 2025-03-20 |
| CVE-2024-11824 | Stored XSS in langgenius/dify | langgenius/dify | CWE-79 | 5.4 | - | 2025-03-20 |
| CVE-2024-11821 | Privilege Escalation in langgenius/dify | langgenius/dify | CWE-250 | 5.7 | - | 2025-03-20 |
| CVE-2025-1796 | Admin account takeover through weak Pseudo-Random number generator used in generating password reset codes in langgenius/dify | langgenius/dify | CWE-338 | 8.8 | - | 2025-03-20 |

This page lists every published CVE security advisory associated with langgenius. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.