flowise
npm70 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting flowisepage 1 of 2
- CVE-2024-31621HIGHCVSS 7.6EG 7.6✓ Fixed in 1.8.12024-04-29
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.
- CVE-2024-36420HIGHCVSS 7.5EG 7.52024-07-01
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the `/api/v1/openai-assistants-file` endpoint in `index.ts` is vulnerable to arbitrary file read due to lack of sanitizat…
- CVE-2024-36421HIGHCVSS 7.5EG 7.52024-07-01
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, A CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the …
- CVE-2024-36422MEDIUMCVSS 6.1EG 6.12024-07-01
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `api/v1/chatflows/id` endpoint. If the default configuration…
- CVE-2024-36423MEDIUMCVSS 6.1EG 6.12024-07-01
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/public-chatflows/id` endpoint. If the default confi…
- CVE-2024-37145MEDIUMCVSS 6.1EG 6.12024-07-01
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/chatflows-streaming/id` endpoint. If the default co…
- CVE-2024-37146MEDIUMCVSS 6.1EG 6.12024-07-01
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/credentials/id` endpoint. If the default configurat…
- CVE-2024-58351CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.1.42026-06-20
Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction API. Because this feature is enabled by d…
- CVE-2024-8181CRITICALCVSS 9.8EG 7.32024-08-27
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.
- CVE-2024-8182HIGHCVSS 7.5EG 7.52024-08-27
An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-…
- CVE-2024-9148CRITICALCVSS 9.6EG 9.6✓ Fixed in 2.1.12024-09-25
Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.
- CVE-2025-26319CRITICALCVSS 9.8EG 9.82025-03-04
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.
- CVE-2025-29192HIGHCVSS 8.2EG 8.2✓ Fixed in 3.0.52025-10-06
Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.
- CVE-2025-34267HIGHCVSS 8.4EG 9.9✓ Fixed in 3.0.82025-10-14
Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) wit…
- CVE-2025-50538HIGHCVSS 8.2EG 8.2✓ Fixed in 3.0.82025-10-06
Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log.
- CVE-2025-55346CRITICALCVSS 9.8EG 9.82025-08-14
User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request.
- CVE-2025-57164MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.0.62025-10-17
vulnerable: 3.0.5
Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field.
- CVE-2025-58434CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.0.62025-09-12
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the `forgot-password` endpoint in Flowise returns sensitive information including a valid password reset `tempToken` wit…
- CVE-2025-59527HIGHCVSS 7.5EG 7.5✓ Fixed in 3.0.62025-09-22
vulnerable: 3.0.5
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. Th…
- CVE-2025-59528CRITICALCVSS 10.0EG 10.0✓ Fixed in 3.0.62025-09-22
vulnerable: 3.0.5
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an…
- CVE-2025-61687HIGHCVSS 8.8EG 8.3✓ Fixed in 3.0.82025-10-06
vulnerable: 3.0.7
Flowise is a drag & drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.0.7 of FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables…
- CVE-2025-61913CRITICALCVSS 9.9EG 9.9✓ Fixed in 3.0.82025-10-08
Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit th…
- CVE-2025-71324HIGHCVSS 7.5EG 7.5✓ Fixed in 3.0.62026-06-25
vulnerable: 3.0.5
Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStora…
- CVE-2025-71327CRITICALCVSS 9.1EG 9.12026-06-25
vulnerable: 3.0.1
Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary ac…
- CVE-2025-71331MEDIUMCVSS 6.1EG 6.1✓ Fixed in 3.0.82026-06-20
Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload (e.g., <i…
- CVE-2025-71334CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.0.62026-06-25
Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a…
- CVE-2025-71335HIGHCVSS 8.1EG 8.1✓ Fixed in 3.0.102026-06-25
Flowise before 3.0.10 (affected versions 3.0.7 and earlier) fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session tok…
- CVE-2025-71336CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.0.62026-06-25
Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which is designed to execute OS commands such as launching local MCP servers. Because…
- CVE-2025-71338CRITICALCVSS 9.8EG 10.02026-06-25
Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters w…
- CVE-2025-8943CRITICALCVSS 9.8EG 9.82025-08-14
The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access contro…
- CVE-2026-40933CRITICALCVSS 9.9EG 9.9✓ Fixed in 3.1.02026-04-21
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitr…
- CVE-2026-41137HIGHCVSS 8.8EG 8.8✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide a command injection …
- CVE-2026-41138HIGHCVSS 8.8EG 8.8✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’…
- CVE-2026-41264CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSV_Agents class. The issue results from the lack of proper sandboxing when eval…
- CVE-2026-41265CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the Airtable_Agents class. The issue results from the lack of proper sandboxing when…
- CVE-2026-41266HIGHCVSS 7.5EG 7.5✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration w…
- CVE-2026-41267HIGHCVSS 8.1EG 8.1✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment (JSON injection) vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticate…
- CVE-2026-41268CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution (RCE) vulnerability. It can be exploited via a parameter …
- CVE-2026-41269HIGHCVSS 7.1EG 7.1✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker u…
- CVE-2026-41270HIGHCVSS 7.1EG 7.1✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature. While the application impl…
- CVE-2026-41271HIGHCVSS 8.3EG 8.3✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated att…
- CVE-2026-41272HIGHCVSS 7.1EG 7.1✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multipl…
- CVE-2026-41273HIGHCVSS 8.2EG 8.2✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens asso…
- CVE-2026-41274CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization…
- CVE-2026-41275HIGHCVSS 7.5EG 7.5✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS.…
- CVE-2026-41276CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is …
- CVE-2026-41277HIGHCVSS 8.8EG 8.8✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key (id) and …
- CVE-2026-41278HIGHCVSS 7.5EG 7.5✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker valid…
- CVE-2026-41279HIGHCVSS 7.5EG 7.5✓ Fixed in 3.1.02026-04-23
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (no auth) and accepts a credentialId dire…
- CVE-2026-42861CRITICALCVSS 9.6EG 9.6✓ Fixed in 3.1.22026-06-08
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users t…
Check whether flowise is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for flowise CVEs against the assets you own.
Start Free Scan →