Flowise Vulnerabilities

npm AI Agents

AI Threat Alert tracks 117 known vulnerabilities in Flowise, 27 rated critical — an AI/ML ai agents in the npm ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources
117
Total CVEs
27
Critical
npm
Ecosystem
Jul 8, 2026
Last CVE
43%
Patch Rate
3d
Avg Time to Patch

Known Vulnerabilities (117 total, page 2 of 5)

Severity CVE ID Summary CVSS Published
CRITICAL CVE-2024-58351 Flowise: RCE and sandbox escape via overrideConfig 9.8 Jun 20, 2026 HIGH CVE-2026-46480 Flowise: mass-assignment allows cross-workspace takeover 8.8 Jun 8, 2026 HIGH CVE-2026-46479 Flowise: mass assignment cross-workspace takeover 8.8 Jun 8, 2026 HIGH CVE-2026-46478 Flowise: mass-assignment allows cross-workspace data takeover 8.8 Jun 8, 2026 HIGH CVE-2026-46477 Flowise: mass-assignment cross-workspace dataset takeover 8.8 Jun 8, 2026 HIGH CVE-2026-46476 Flowise: mass assignment enables cross-workspace takeover 8.8 Jun 8, 2026 HIGH CVE-2026-46475 Flowise: mass-assignment enables workspace takeover 8.8 Jun 8, 2026 HIGH CVE-2026-46444 Flowise: missing authz on vector store CRUD ops 8.8 Jun 8, 2026 MEDIUM CVE-2026-46443 Flowise: stored credentials exposed via API filter bug 6.5 Jun 8, 2026 CRITICAL CVE-2026-46442 Flowise: sandbox escape enables authenticated RCE 9.9 Jun 8, 2026 CRITICAL CVE-2026-46441 Flowise: mass assignment breaks multi-tenant isolation 9.6 Jun 8, 2026 CRITICAL CVE-2026-46440 Flowise: plaintext auth brute-force, no rate limit 9.1 Jun 8, 2026 MEDIUM GHSA-m837-xvxr-vqwg Flowise: hardcoded CORS wildcard enables drive-by credential abuse -- May 20, 2026 MEDIUM GHSA-59fh-9f3p-7m39 Flowise: mass assignment bypasses password controls -- May 20, 2026 MEDIUM GHSA-c2c9-mfw7-p8hw Flowise: cross-workspace chatflow config disclosure -- May 20, 2026 HIGH GHSA-hmg2-jjjx-jcp2 Flowise: missing authz on vector store CRUD endpoints -- May 14, 2026 HIGH GHSA-78pr-c5x5-jggc Flowise: IDOR via mass assignment breaks tenant isolation -- May 14, 2026 HIGH GHSA-728h-4mwj-f2p4 Flowise: mass assignment breaks cross-workspace isolation -- May 14, 2026 HIGH GHSA-5h9v-837x-m97r Flowise: mass assignment enables cross-workspace data takeover -- May 14, 2026 HIGH GHSA-7j65-65cr-6644 Flowise: mass assignment breaks cross-workspace isolation -- May 14, 2026 HIGH GHSA-mq53-pc65-wjc4 Flowise: mass assignment breaks workspace isolation -- May 14, 2026 HIGH GHSA-wxrr-jp8m-qq7f Flowise: mass assignment enables cross-workspace IDOR -- May 14, 2026 HIGH CVE-2026-42861 Flowise: mass assignment breaks multi-tenant isolation -- May 14, 2026 HIGH CVE-2026-42862 Flowise: mass assignment breaks tenant isolation -- May 14, 2026 HIGH CVE-2026-42863 Flowise: Mass Assignment enables cross-workspace takeover -- May 14, 2026

Showing 26–50 of 117

Frequently asked questions

What is Flowise?

Flowise is an AI/ML ai agents tracked by AI Threat Alert for security vulnerabilities in the npm ecosystem.

How many known vulnerabilities does Flowise have?

Flowise has 117 known CVEs, 27 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is Flowise distributed in?

Flowise is distributed via the npm ecosystem and categorized as ai agents.

Where does the Flowise vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of Flowise?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor Flowise in your stack

Get instant alerts when new vulnerabilities affect Flowise. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring