Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-56278 |
|
Vulnerability in express (CVE-2026-56278)
vulnerability in express (CVE-2026-56278). Confidential information can be exposed externally.
|
| CVE-2026-58057 |
|
Vulnerability in flowiseai (CVE-2026-58057)
vulnerability in flowiseai (CVE-2026-58057). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71334 |
|
Vulnerability in flowiseai (CVE-2025-71334)
vulnerability in flowiseai (CVE-2025-71334). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71336 |
|
OS Command Injection in flowiseai (CVE-2025-71336)
OS command injection in flowiseai (CVE-2025-71336). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71338 |
|
Vulnerability in path-traversal (CVE-2025-71338)
vulnerability in path-traversal (CVE-2025-71338). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71333 |
|
Vulnerability in path-traversal (CVE-2025-71333)
vulnerability in path-traversal (CVE-2025-71333). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71327 |
|
Vulnerability in flowiseai (CVE-2025-71327)
vulnerability in flowiseai (CVE-2025-71327). Confidential information can be exposed externally.
|
| CVE-2025-71324 |
|
Vulnerability in path-traversal (CVE-2025-71324)
vulnerability in path-traversal (CVE-2025-71324). Confidential information can be exposed externally.
|
| CVE-2026-56275 |
|
SSRF (Server-Side Request Forgery) in flowiseai (CVE-2026-56275)
SSRF in flowiseai (CVE-2026-56275). Confidential information can be exposed externally.
|
| CVE-2026-56274 |
|
OS Command Injection in flowiseai (CVE-2026-56274)
OS command injection in flowiseai (CVE-2026-56274). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71331 |
|
Vulnerability in flowiseai (CVE-2025-71331)
vulnerability in flowiseai (CVE-2025-71331). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56268 |
|
Authorization Flaw in flowise (CVE-2026-56268)
vulnerability in flowise (CVE-2026-56268). Confidential information can be exposed externally. Exploitable via ``keyonly``. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46444 |
|
Vulnerability in flowise (CVE-2026-46444)
vulnerability in flowise (CVE-2026-46444). Successful exploitation can lead to full system takeover. Exploitable via ``WHITELIST_URLS``. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46443 |
|
Information Disclosure in flowise (CVE-2026-46443)
vulnerability in flowise (CVE-2026-46443). Confidential information can be exposed externally. Exploitable via ``credentialName``. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46442 |
|
Code Injection in flowise (CVE-2026-46442)
code injection in flowise (CVE-2026-46442). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/node-custom-function`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46441 |
|
Vulnerability in flowise (CVE-2026-46441)
vulnerability in flowise (CVE-2026-46441). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/assistants/{assistantId}`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46440 |
|
Vulnerability in flowise (CVE-2026-46440)
vulnerability in flowise (CVE-2026-46440). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-42863 |
|
Vulnerability in flowise (CVE-2026-42863)
vulnerability in flowise (CVE-2026-42863). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/chatflows/{chatflowId}`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-42862 |
|
Vulnerability in flowise (CVE-2026-42862)
vulnerability in flowise (CVE-2026-42862). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /api/v1/tools/{toolId}`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-42861 |
|
Vulnerability in flowise (CVE-2026-42861)
vulnerability in flowise (CVE-2026-42861). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/variables/{variableId}`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-43995 |
|
SSRF (Server-Side Request Forgery) in flowise (CVE-2026-43995)
SSRF in flowise (CVE-2026-43995). Successful exploitation can lead to full system takeover. Exploitable via ``httpSecurity.ts``. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-56269 |
|
Vulnerability in flowise (CVE-2026-56269)
vulnerability in flowise (CVE-2026-56269). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-56270 |
|
Vulnerability in flowise (CVE-2026-56270)
vulnerability in flowise (CVE-2026-56270). Confidential information can be exposed externally. Exploitable via `GET /api/v1/loginmethod`. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2025-71332 |
|
SQL Injection in flowise (CVE-2025-71332)
SQL injection in flowise (CVE-2025-71332). Confidential information can be exposed externally.
|