AI Threat Alert AI Threat Alert

Flowise

npm AI Agents
17
Total CVEs
0
Critical
npm
Ecosystem
N/A
Last CVE
0%
Patch Rate

Known Vulnerabilities (17 total, page 1 of 1)

Severity CVE ID Summary CVSS Published
HIGH CVE-2026-31829 Flowise: SSRF via HTTP Node exposes internal network 8.8 Mar 10, 2026 CRITICAL CVE-2026-30824 Flowise: auth bypass exposes NVIDIA NIM container endpoints 9.8 Mar 7, 2026 UNKNOWN CVE-2026-30823 Flowise: IDOR enables account takeover and SSO bypass -- Mar 7, 2026 UNKNOWN CVE-2026-30822 Flowise: mass assignment allows unauthenticated DB injection -- Mar 7, 2026 CRITICAL CVE-2026-30821 flowise: Arbitrary File Upload enables RCE 9.8 Mar 7, 2026 HIGH CVE-2026-30820 Flowise: header spoof auth bypass exposes admin API & creds 8.8 Mar 7, 2026 CRITICAL CVE-2025-61913 Flowise: path traversal in file tools leads to RCE 9.9 Oct 8, 2025 HIGH CVE-2025-61687 Flowise: unrestricted file upload enables persistent RCE 8.8 Oct 6, 2025 CRITICAL CVE-2025-59528 Flowise: Unauthenticated RCE via MCP config injection 10.0 Sep 22, 2025 HIGH CVE-2025-59527 Flowise: unauthenticated SSRF exposes internal network 7.5 Sep 22, 2025 CRITICAL CVE-2025-58434 Flowise: auth bypass in reset flow allows full ATO 9.8 Sep 12, 2025 MEDIUM CVE-2024-37146 Flowise: reflected XSS enables credential theft 6.1 Jul 1, 2024 MEDIUM CVE-2024-37145 Flowise: reflected XSS enables file read chain via chatflow 6.1 Jul 1, 2024 MEDIUM CVE-2024-36423 Flowise: reflected XSS in chatflow API enables session hijack 6.1 Jul 1, 2024 MEDIUM CVE-2024-36422 Flowise: reflected XSS enables session hijack and file read 6.1 Jul 1, 2024 HIGH CVE-2024-36421 Flowise: CORS wildcard enables file read and data theft 7.5 Jul 1, 2024 HIGH CVE-2024-36420 Flowise: unauthenticated arbitrary file read via API 7.5 Jul 1, 2024

Monitor Flowise in your stack

Get instant alerts when new vulnerabilities affect Flowise. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring