Flowise Vulnerabilities

npm AI Agents

AI Threat Alert tracks 117 known vulnerabilities in Flowise, 27 rated critical — an AI/ML ai agents in the npm ecosystem. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Data sources
117
Total CVEs
27
Critical
npm
Ecosystem
Jul 8, 2026
Last CVE
43%
Patch Rate
3d
Avg Time to Patch

Known Vulnerabilities (117 total, page 5 of 5)

Severity CVE ID Summary CVSS Published
HIGH CVE-2026-31829 Flowise: SSRF via HTTP Node exposes internal network 8.8 Mar 10, 2026 CRITICAL CVE-2026-30824 Flowise: auth bypass exposes NVIDIA NIM container endpoints 9.8 Mar 7, 2026 UNKNOWN CVE-2026-30823 Flowise: IDOR enables account takeover and SSO bypass -- Mar 7, 2026 UNKNOWN CVE-2026-30822 Flowise: mass assignment allows unauthenticated DB injection -- Mar 7, 2026 CRITICAL CVE-2026-30821 flowise: Arbitrary File Upload enables RCE 9.8 Mar 7, 2026 HIGH CVE-2026-30820 Flowise: header spoof auth bypass exposes admin API & creds 8.8 Mar 7, 2026 CRITICAL CVE-2025-61913 Flowise: path traversal in file tools leads to RCE 9.9 Oct 8, 2025 HIGH CVE-2025-61687 Flowise: unrestricted file upload enables persistent RCE 8.8 Oct 6, 2025 CRITICAL CVE-2025-59528 Flowise: Unauthenticated RCE via MCP config injection 10.0 Sep 22, 2025 HIGH CVE-2025-59527 Flowise: unauthenticated SSRF exposes internal network 7.5 Sep 22, 2025 CRITICAL CVE-2025-58434 Flowise: auth bypass in reset flow allows full ATO 9.8 Sep 12, 2025 MEDIUM CVE-2024-37146 Flowise: reflected XSS enables credential theft 6.1 Jul 1, 2024 MEDIUM CVE-2024-37145 Flowise: reflected XSS enables file read chain via chatflow 6.1 Jul 1, 2024 MEDIUM CVE-2024-36423 Flowise: reflected XSS in chatflow API enables session hijack 6.1 Jul 1, 2024 MEDIUM CVE-2024-36422 Flowise: reflected XSS enables session hijack and file read 6.1 Jul 1, 2024 HIGH CVE-2024-36421 Flowise: CORS wildcard enables file read and data theft 7.5 Jul 1, 2024 HIGH CVE-2024-36420 Flowise: unauthenticated arbitrary file read via API 7.5 Jul 1, 2024

Showing 101–117 of 117

Frequently asked questions

What is Flowise?

Flowise is an AI/ML ai agents tracked by AI Threat Alert for security vulnerabilities in the npm ecosystem.

How many known vulnerabilities does Flowise have?

Flowise has 117 known CVEs, 27 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is Flowise distributed in?

Flowise is distributed via the npm ecosystem and categorized as ai agents.

Where does the Flowise vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of Flowise?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.

Monitor Flowise in your stack

Get instant alerts when new vulnerabilities affect Flowise. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring