LOW 3.5 PyPI
GHSA-355v-2rjx-fpx7 · CVE-2024-9277 Inefficient Regular Expression Complexity in langflow
Modified: 10/1/2024
package
PyPI / langflow
pkg:pypi/langflow
CRITICAL 9.8 PyPI
GHSA-3645-fxcv-hqr4 · CVE-2026-27966 Langflow has Remote Code Execution in CSV Agent
Modified: 2/28/2026
HIGH 8.8 PyPI
GHSA-4gv9-mp8m-592r · CVE-2025-57760 Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)
Modified: 12/18/2025
CRITICAL 9.8 PyPI
GHSA-56m6-4mhw-h3g5 · CVE-2024-42835, PYSEC-2024-279 langflow has vulnerability in PythonCodeTool component
Modified: 5/20/2026
HIGH 8.8 PyPI
GHSA-577h-p2hh-v4mv · CVE-2025-34291, PYSEC-2025-78 Langflow CORS misconfiguration enables Account Takeover and RCE
Modified: 5/29/2026
HIGH 7.7 PyPI
GHSA-5993-7p27-66g5 · CVE-2025-68477 Langflow vulnerable to Server-Side Request Forgery
Modified: 12/19/2025
LOW 2.7 PyPI
GHSA-5jjf-wcvf-923w · CVE-2026-6597 Langflow has an Information Leak through Incomplete API Key Redaction
Modified: 5/5/2026
CRITICAL 9.8 PyPI
GHSA-5p5r-57fx-pmfr · CVE-2024-48061 Langflow vulnerable to remote code execution
Modified: 11/7/2024
HIGH 7.5 PyPI
GHSA-7grx-3xcx-2xv5 · CVE-2026-33484, PYSEC-2026-80 langflow has Unauthenticated IDOR on Image Downloads
Modified: 5/20/2026
HIGH PyPI
GHSA-8c4j-f57c-35cf · CVE-2026-34046 Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check
Modified: 3/27/2026
MEDIUM 4.3 PyPI
GHSA-9jpj-cph8-w449 · CVE-2026-6598 Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint
Modified: 5/5/2026
CRITICAL 9.6 PyPI
GHSA-9whx-c884-c68q · CVE-2026-42048 Langflow Knowledge Bases API is Vulnerable to Path Traversal
Modified: 5/13/2026
HIGH PyPI
GHSA-c5cp-vx83-jhqx · CVE-2026-21445 Langflow Missing Authentication on Critical API Endpoints
Modified: 2/3/2026
HIGH 7.1 PyPI
GHSA-f43r-cc68-gpx4 · CVE-2025-68478, PYSEC-2025-125 External Control of File Name or Path in Langflow
Modified: 5/20/2026
HIGH PyPI
GHSA-g22f-v6f7-2hrh · CVE-2026-0770 Langflow affected by Remote Code Execution via validate_code() exec()
Modified: 2/22/2026
CRITICAL 9.9 PyPI
GHSA-g2j9-7rj2-gm6c · CVE-2026-33309, PYSEC-2026-79 Langflow has an Arbitrary File Write (RCE) via v2 API
Modified: 5/20/2026
HIGH PyPI
GHSA-ph9w-r52h-28p7 · CVE-2026-33497, PYSEC-2026-81 langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading
Modified: 5/20/2026
HIGH 8.8 PyPI
GHSA-qg33-x2c5-6p44 · CVE-2024-37014, PYSEC-2024-177 Langflow remote code execution vulnerability
Modified: 1/21/2025
HIGH PyPI
GHSA-rf6x-r45m-xv3w · CVE-2026-33053, PYSEC-2026-78 Langflow is Missing Ownership Verification in API Key Deletion (IDOR)
Modified: 5/20/2026
CRITICAL PyPI
GHSA-rvqx-wpfh-mfx7 · CVE-2025-3248, PYSEC-2025-36 Langflow Unauth RCE
Modified: 4/2/2026
MEDIUM 6.3 PyPI
GHSA-v66p-f7x3-4794 · CVE-2026-6599 Langflow vulnerable to injection
Modified: 5/5/2026
CRITICAL PyPI
GHSA-v8hw-mh8c-jxfc · CVE-2026-33873, PYSEC-2026-82 Langflow has Authenticated Code Execution in Agentic Assistant Validation
Modified: 5/20/2026
CRITICAL 9.8 PyPI
GHSA-vwmf-pq79-vjvx · CVE-2026-33017 Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint
Modified: 4/2/2026
CRITICAL 9.8 PyPI
PYSEC-2024-177 · CVE-2024-37014, GHSA-qg33-x2c5-6p44 Modified: 1/19/2025
CRITICAL 9.8 PyPI
PYSEC-2024-279 · CVE-2024-42835, GHSA-56m6-4mhw-h3g5 Modified: 5/21/2026
HIGH 7.1 PyPI
PYSEC-2025-125 · CVE-2025-68478, GHSA-f43r-cc68-gpx4 Modified: 5/20/2026
CRITICAL 9.8 PyPI
PYSEC-2025-36 · CVE-2025-3248, GHSA-rvqx-wpfh-mfx7 Modified: 6/17/2025
HIGH 8.8 PyPI
PYSEC-2025-78 · CVE-2025-34291, GHSA-577h-p2hh-v4mv Modified: 5/21/2026
HIGH 8.8 PyPI
PYSEC-2026-78 · CVE-2026-33053, GHSA-rf6x-r45m-xv3w Modified: 5/20/2026
CRITICAL 9.9 PyPI
PYSEC-2026-79 · CVE-2026-33309, GHSA-g2j9-7rj2-gm6c Modified: 5/20/2026
HIGH 7.5 PyPI
PYSEC-2026-80 · CVE-2026-33484, GHSA-7grx-3xcx-2xv5 Modified: 5/20/2026
HIGH 7.5 PyPI
PYSEC-2026-81 · CVE-2026-33497, GHSA-ph9w-r52h-28p7 Modified: 5/20/2026
CRITICAL 9.9 PyPI
PYSEC-2026-82 · CVE-2026-33873, GHSA-v8hw-mh8c-jxfc Modified: 5/20/2026