from 0, < 3.1.0
CRITICAL 9.8 CVE-2026-41264 Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability
from 0, < 3.1.0
CRITICAL 9.8 CVE-2026-41265 Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability
from 0, < 3.1.0
HIGH 8.8 Flowise: Code Injection in CSVAgent leads to Authenticated RCE
from 0, < 3.1.0
HIGH 8.3 Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using `Pandas`.
from 0, < 3.1.0
HIGH 7.7 Flowise: Parameter Override Bypass Remote Command Execution
from 0, < 3.1.0
HIGH 7.7 Flowise is vulnerable to arbitrary file write through its WriteFileTool
from 0, < 3.0.8
HIGH 7.7 Flowise is vulnerable to arbitrary file write through its WriteFileTool
from 0, < 3.0.8
HIGH 7.6 Flowise Vulnerable to SQL Injection via `tableName` Parameter
from 0, < 2.2.4
HIGH 7.1 Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains
from 0, < 3.1.0
HIGH 7.1 Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)
from 0, < 3.1.0
HIGH 7.1 Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox
from 0, < 3.1.0
HIGH 7.1 Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access
from 0, < 3.0.13
— Flowise: Cypher Injection in GraphCypherQAChain
from 0, < 3.1.0
— Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)
from 0, < 3.1.0