npm / flowise-components

Flowise: Cypher Injection in GraphCypherQAChain

Modified: 5/5/2026

Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)

Modified: 5/5/2026

Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability

Modified: 5/5/2026

Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains

Modified: 5/5/2026

Flowise Execute Flow function has an SSRF vulnerability

Modified: 4/16/2026

Flowise: Code Injection in CSVAgent leads to Authenticated RCE

Modified: 5/5/2026

Flowise: Authenticated RCE Via MCP Adapters

Modified: 4/16/2026

Flowise: Parameter Override Bypass Remote Command Execution

Modified: 5/5/2026

Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using `Pandas`.

Modified: 5/5/2026

Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Modified: 4/10/2026

Flowise Vulnerable to SQL Injection via `tableName` Parameter

Modified: 4/10/2025

Flowise is vulnerable to arbitrary file exposure through its ReadFileTool

Modified: 2/4/2026

Flowise is vulnerable to arbitrary file write through its WriteFileTool

Modified: 2/4/2026

Flowise has an MCP Security Bypass that Enables RCE

Modified: 5/16/2026

Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)

Modified: 5/13/2026

Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability

Modified: 5/5/2026

Flowise: Path Traversal in Vector Store basePath

Modified: 4/16/2026

Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

Modified: 5/5/2026