Flowise Vulnerabilities

npm AI Agents

AI Threat Alert tracks 117 known vulnerabilities in Flowise, 27 rated critical — an AI/ML ai agents in the npm ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources
117
Total CVEs
27
Critical
npm
Ecosystem
Jul 8, 2026
Last CVE
43%
Patch Rate
3d
Avg Time to Patch

Known Vulnerabilities (117 total, page 4 of 5)

Severity CVE ID Summary CVSS Published
CRITICAL GHSA-v38x-c887-992f Flowise: prompt injection bypasses Python sandbox RCE -- Apr 18, 2026 HIGH GHSA-3prp-9gf7-4rxx Flowise: Mass assignment enables cross-tenant store takeover -- Apr 17, 2026 HIGH GHSA-w47f-j8rh-wx87 Flowise: credential exposure via public chatflow API -- Apr 17, 2026 HIGH GHSA-5fw2-mwhh-9947 Flowise: unauth TTS endpoint exposes stored AI API keys -- Apr 17, 2026 CRITICAL CVE-2026-40933 Flowise: RCE via MCP stdio command injection 9.9 Apr 16, 2026 MEDIUM GHSA-6pcv-j4jx-m4vx Flowise: unauthenticated SSO config exposes OAuth secrets 5.3 Apr 16, 2026 MEDIUM GHSA-cc4f-hjpj-g9p8 Flowise: hardcoded JWT defaults enable full auth bypass 5.6 Apr 16, 2026 MEDIUM GHSA-2qqc-p94c-hxwh Flowise: hardcoded session secret enables auth bypass 5.6 Apr 16, 2026 MEDIUM GHSA-m7mq-85xj-9x33 Flowise: hardcoded default key enables JWT token forgery 5.6 Apr 16, 2026 MEDIUM GHSA-w6v6-49gh-mc9w Flowise: path traversal allows arbitrary file write via vector store -- Apr 16, 2026 MEDIUM GHSA-qqvm-66q4-vf5c Flowise: SSRF bypass enables cloud credential theft -- Apr 16, 2026 MEDIUM GHSA-9hrv-gvrv-6gf2 Flowise: SSRF bypass enables cloud metadata access -- Apr 16, 2026 HIGH GHSA-f228-chmx-v6j6 Flowise: prompt injection RCE via AirtableAgent 8.3 Apr 16, 2026 CRITICAL GHSA-9wc7-mj3f-74xv Flowise CSVAgent: RCE via Python code injection -- Apr 16, 2026 HIGH GHSA-48m6-ch88-55mj Flowise: Mass Assignment allows cross-tenant org takeover 8.1 Apr 16, 2026 HIGH GHSA-4jpm-cgx2-8h37 Flowise: unauth API exposes plaintext API keys and tokens -- Apr 16, 2026 HIGH GHSA-cvrr-qhgw-2mm6 Flowise: unauthenticated RCE via FILE-STORAGE bypass 7.7 Apr 16, 2026 HIGH GHSA-rh7v-6w34-w2rr Flowise: MIME bypass enables persistent Node.js web shell RCE 7.1 Apr 16, 2026 HIGH GHSA-xhmj-rg95-44hv Flowise: SSRF bypass exposes cloud IAM credentials 7.1 Apr 16, 2026 HIGH GHSA-2x8m-83vc-6wv4 Flowise: SSRF bypass exposes internal services 7.1 Apr 16, 2026 HIGH GHSA-6r77-hqx7-7vw8 FlowiseAI: SSRF via prompt injection in API Chain 7.1 Apr 16, 2026 HIGH GHSA-6f7g-v4pp-r667 Flowise: OAuth token theft via unauthenticated endpoint -- Apr 16, 2026 HIGH GHSA-x5w6-38gp-mrqh Flowise: HTTP reset link exposes tokens to MITM takeover -- Apr 16, 2026 HIGH GHSA-28g4-38q8-3cwc Flowise: Cypher injection allows full Neo4j DB wipe -- Apr 16, 2026 HIGH GHSA-f6hc-c5jr-878p Flowise: auth bypass enables account takeover via null token -- Apr 16, 2026

Showing 76–100 of 117

Frequently asked questions

What is Flowise?

Flowise is an AI/ML ai agents tracked by AI Threat Alert for security vulnerabilities in the npm ecosystem.

How many known vulnerabilities does Flowise have?

Flowise has 117 known CVEs, 27 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is Flowise distributed in?

Flowise is distributed via the npm ecosystem and categorized as ai agents.

Where does the Flowise vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of Flowise?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor Flowise in your stack

Get instant alerts when new vulnerabilities affect Flowise. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring