| Severity | CVSS score | CVE | Advisory | Affected versions |
|---|---|---|---|---|
| CRITICAL | 10.0 | CVE-2025-59528 | Flowise has Remote Code Execution vulnerability | >= 3.0.5, < 3.0.6; from 0, < 3.1.0 |
| CRITICAL | 9.8 | CVE-2026-41264 | Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability | from 0, < 3.1.0 |
| CRITICAL | 9.8 | | Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability | from 0, < 3.1.0 |
| CRITICAL | 9.8 | | Flowise: resetPassword Authentication Bypass Vulnerability | from 0, < 3.1.0 |
| CRITICAL | 9.8 | | Flowise vulnerable to RCE via Dynamic function constructor injection | from 0, <= 2.2.7-patch.1 |
| CRITICAL | 9.8 | | Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover | from 0, < 3.0.6 |
| CRITICAL | 9.8 | | Flowise OS command remote code execution | from 0, <= 3.0.5 |
| CRITICAL | 9.6 | | Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting | from 0, < 2.1.1 |
| CRITICAL | 9.3 | | Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel | from 0, < 3.0.8 |
| CRITICAL | 9.1 | | FlowiseAI Pre-Auth Arbitrary Code Execution | >= 3.0.5, < 3.0.6 |
| HIGH | 8.8 | | FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover | from 0, < 3.1.2 |
| HIGH | 8.8 | | FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover | from 0, < 3.1.2 |
| HIGH | 8.8 | | FlowiseAI: Vector Store No Permission Checks | from 0, < 3.1.2 |
| HIGH | 8.8 | | Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR) | from 0, < 3.1.0 |
| HIGH | 8.8 | | Flowise: Code Injection in CSVAgent leads to Authenticated RCE | from 0, < 3.1.0 |
| HIGH | 8.8 | | Flowise has IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration | from 0, < 3.0.13 |
| HIGH | 8.3 | | Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using `Pandas` | from 0, < 3.1.0 |
| HIGH | 8.3 | | FlowiseAI/Flowise has File Upload vulnerability | >= 3.0.7, < 3.0.8 |
| HIGH | 8.2 | | Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow in Flowise | from 0, < 3.1.0 |
| HIGH | 8.1 | | Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association | from 0, < 3.1.0 |
| HIGH | 7.7 | | Flowise: Parameter Override Bypass Remote Command Execution | from 0, < 3.1.0 |
| HIGH | 7.7 | | Flowise Allows Mass Assignment in `/api/v1/leads` Endpoint | from 0, < 3.0.13 |
| HIGH | 7.7 | | Flowise is vulnerable to arbitrary file write through its WriteFileTool | from 0, < 3.0.8 |
| HIGH | 7.7 | | Flowise is vulnerable to arbitrary file write through its WriteFileTool | from 0, < 3.0.8 |
| HIGH | 7.6 | | Flowise vulnerable to code injection via api/v1 | from 0, < 1.8.1 |
| HIGH | 7.5 | | FlowiseAI Exposes Basic Auth Credentials via API | from 0, < 3.1.2 |
| HIGH | 7.5 | | Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials | from 0, < 3.1.0 |
| HIGH | 7.5 | | Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs | from 0, < 3.1.0 |
| HIGH | 7.5 | | Flowise: Password Reset Link Sent Over Unsecured HTTP | from 0, < 3.1.0 |
| HIGH | 7.5 | | Flowise: Sensitive Data Leak in public-chatbotConfig | from 0, < 3.1.0 |
| HIGH | 7.5 | | FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability | >= 3.0.5, < 3.0.6 |
| HIGH | 7.5 | | Flowise Unauthenticated Denial of Service (DoS) vulnerability | from 0, <= 1.8.2 |
| HIGH | 7.5 | | Flowise Path Injection at /api/v1/openai-assistants-file | from 0, <= 1.4.3 |
| HIGH | 7.5 | | Flowise CORS Misconfiguration in packages/server/src/index.ts | from 0, <= 1.4.3 |
| HIGH | 7.3 | | Flowise Authentication Bypass vulnerability | from 0, <= 1.8.2 |
| HIGH | 7.1 | | Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains | from 0, < 3.1.0 |
| HIGH | 7.1 | | Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure) | from 0, < 3.1.0 |
| HIGH | 7.1 | | Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox | from 0, < 3.1.0 |
| HIGH | 7.1 | | Flowise: File Upload Validation Bypass in createAttachment | from 0, < 3.1.0 |
| HIGH | 7.1 | | Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access | from 0, < 3.0.13 |
| MEDIUM | 6.1 | | Flowise Cross-site Scripting in /api/v1/credentials/id | from 0, <= 1.4.3 |
| MEDIUM | 6.1 | | Flowise Cross-site Scripting in /api/v1/chatflows/id | from 0, <= 1.4.3 |
| MEDIUM | 6.1 | | Flowise Cross-site Scripting in /api/v1/public-chatflows/id | from 0, <= 1.4.3 |
| MEDIUM | 6.1 | | Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id | from 0, <= 1.4.3 |
| MEDIUM | 5.3 | | Flowise Stored XSS vulnerability through logs in chatbot | from 0, < 3.0.5 |
| LOW | 3.7 | | Flowise: Bcrypt Password Hash Exposure | from 0, <= 3.0.12 |
| — | | | FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover | from 0, < 3.1.2 |
| — | | | FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover | from 0, < 3.1.2 |
| — | | | FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover | from 0, < 3.1.2 |
| — | | | FlowiseAI: CustomTemplate create+update mass-assignment allows cross-workspace template takeover | from 0, < 3.1.2 |
| — | | | FlowiseAI Vulnerable to Credential Data Leak | from 0, < 3.1.2 |
| — | | | FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape | from 0, < 3.1.2 |
| — | | | FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment | from 0, < 3.1.2 |
| — | | | FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment | from 0, < 3.1.2 |
| — | | | FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment | from 0, < 3.1.2 |
| — | | | FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment | from 0, < 3.1.2 |
| — | | | Flowise: Cypher Injection in GraphCypherQAChain | from 0, < 3.1.0 |
| — | | | Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure) | from 0, < 3.1.0 |
| — | | | Flowise Missing Authentication on NVIDIA NIM Endpoints | from 0, < 3.0.13 |
| — | | | Flowise has Arbitrary File Upload via MIME Spoofing | from 0, < 3.0.13 |
| — | | | Flowise has Authorization Bypass via Spoofed x-request-from Header | from 0, < 3.0.13 |
| — | | | Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages | >= 3.0.1, < 3.0.8 |
| — | | | FlowiseAI Flowise arbitrary file upload vulnerability | from 0, <= 2.2.6 |

Rows with "—" in the Severity column carry no CVSS score on the listing; empty CVE cells mean the listing shows no CVE identifier for that advisory. "from 0, < X" means every release before X is affected.