HIGH npm
GHSA-28g4-38q8-3cwc · CVE-2026-41274 Flowise: Cypher Injection in GraphCypherQAChain
수정: 2026. 5. 5.
package
npm / flowise
pkg:npm/flowise
MEDIUM 6.1 npm
GHSA-2jch-qc96-9f5g · CVE-2024-36422 Flowise Cross-site Scripting in api/v1/chatflows/id
수정: 2024. 8. 5.
HIGH 7.3 npm
GHSA-2q4w-x8h2-2fvh · CVE-2024-8181 Flowise Authentication Bypass vulnerability
수정: 2024. 9. 4.
MEDIUM 5.6 npm
GHSA-2qqc-p94c-hxwh Flowise: Weak Default Express Session Secret
수정: 2026. 4. 16.
CRITICAL 9.8 npm
GHSA-2vv2-3x8x-4gv7 · CVE-2025-8943 Flowise OS command remote code execution
수정: 2025. 8. 18.
HIGH 7.1 npm
GHSA-2x8m-83vc-6wv4 · CVE-2026-41272 Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)
수정: 2026. 5. 5.
HIGH 8.3 npm
GHSA-35g6-rrw3-v6xc · CVE-2025-61687 FlowiseAI/Flosise has File Upload vulnerability
수정: 2025. 12. 16.
CRITICAL 10.0 npm
GHSA-3gcm-f6qx-ff7p · CVE-2025-59528 Flowise has Remote Code Execution vulnerability
수정: 2025. 10. 13.
CRITICAL 9.8 npm
GHSA-3hjv-c53m-58jj · CVE-2026-41264 Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability
수정: 2026. 5. 5.
HIGH 8.8 npm
GHSA-3prp-9gf7-4rxx · CVE-2026-41277 Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)
수정: 2026. 5. 5.
HIGH 8.1 npm
GHSA-48m6-ch88-55mj · CVE-2026-41267 Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association
수정: 2026. 5. 5.
HIGH 7.5 npm
GHSA-48x4-mx8f-gr4h · CVE-2024-8182 Flowise Unauthenticated Denial of Service (DoS) vulnerability
수정: 2024. 8. 27.
MEDIUM npm
GHSA-4fr9-3x69-36wv Flowise vulnerable to XSS
수정: 2025. 10. 13.
HIGH 7.5 npm
GHSA-4jpm-cgx2-8h37 · CVE-2026-41266 Flowise: Sensitive Data Leak in public-chatbotConfig
수정: 2026. 5. 5.
MEDIUM npm
GHSA-59fh-9f3p-7m39 Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification
수정: 2026. 5. 20.
HIGH npm
GHSA-5cph-wvm9-45gj Flowise OverrideConfig security vulnerability
수정: 2024. 11. 21.
HIGH npm
GHSA-5f53-522j-j454 · CVE-2026-30824 Flowise Missing Authentication on NVIDIA NIM Endpoints
수정: 2026. 3. 9.
HIGH 7.5 npm
GHSA-5fw2-mwhh-9947 · CVE-2026-41279 Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials
수정: 2026. 5. 5.
HIGH npm
GHSA-5h9v-837x-m97r · CVE-2026-46477 FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover
수정: 2026. 6. 9.
HIGH npm
GHSA-5wxp-qjgq-fx6m · CVE-2026-42863 FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment
수정: 2026. 6. 9.
HIGH 7.5 npm
GHSA-66f2-xxgm-f6xp · CVE-2024-36421 Flowise Cors Misconfiguration in packages/server/src/index.ts
수정: 2024. 8. 5.
HIGH npm
GHSA-6933-jpx5-q87q Flowise has unsandboxed remote code execution via Custom MCP
수정: 2025. 9. 15.
HIGH npm
GHSA-69jq-qr7w-j7qh · CVE-2025-26319 FlowiseAI Flowise arbitrary file upload vulnerability
수정: 2025. 3. 5.
HIGH 8.2 npm
GHSA-6f7g-v4pp-r667 · CVE-2026-41273 Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow in Flowise
수정: 2026. 5. 5.
HIGH npm
GHSA-6fw7-3q8r-m5vj · CVE-2026-42861 FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment
수정: 2026. 6. 9.
MEDIUM 5.3 npm
GHSA-6pcv-j4jx-m4vx Flowise: Unauthenticated Information Disclosure of OAuth Secrets (Cleartext) via GET Request
수정: 2026. 4. 16.
HIGH 7.1 npm
GHSA-6r77-hqx7-7vw8 · CVE-2026-41271 Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains
수정: 2026. 5. 5.
HIGH 7.6 npm
GHSA-6wp6-22x5-rr3w · CVE-2024-31621 Flowise vulnerable to code injection via api/v1
수정: 2024. 8. 2.
HIGH npm
GHSA-728h-4mwj-f2p4 · CVE-2026-46476 FlowiseAI: CustomTemplate create+update mass-assignment allows cross-workspace template takeover
수정: 2026. 6. 9.
HIGH npm
GHSA-78pr-c5x5-jggc · CVE-2026-46475 FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover
수정: 2026. 6. 9.
CRITICAL 9.1 npm
GHSA-7944-7c6r-55vv · CVE-2025-57164 FlowiseAI Pre-Auth Arbitrary Code Execution
수정: 2025. 10. 17.
HIGH npm
GHSA-7g73-99r4-m4mj · CVE-2026-46443 FlowiseAI Vulnerable to Credential Data Leak
수정: 2026. 6. 9.
HIGH npm
GHSA-7j65-65cr-6644 · CVE-2026-46478 FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover
수정: 2026. 6. 9.
MEDIUM 5.3 npm
GHSA-7r4h-vmj9-wg42 · CVE-2025-29192 Flowise Stored XSS vulnerability through logs in chatbot
수정: 2026. 3. 14.
MEDIUM 6.1 npm
GHSA-858c-qxvx-rg9v · CVE-2024-37145 Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id
수정: 2024. 8. 5.
LOW 3.7 npm
GHSA-8f47-4rh3-x44m · CVE-2026-8026 Flowise: Bcrypt Password Hash Exposure
수정: 2026. 5. 12.
CRITICAL 10.0 npm
GHSA-8vvx-qvq9-5948 Flowise allows arbitrary file write to RCE
수정: 2025. 3. 14.
CRITICAL 9.3 npm
GHSA-964p-j4gg-mhwc · CVE-2025-50538 Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel
수정: 2026. 2. 4.
CRITICAL 9.1 npm
GHSA-99pg-hqvx-r4gf Flowise has an Arbitrary File Read
수정: 2025. 9. 15.
MEDIUM 5.9 npm
GHSA-9c4c-g95m-c8cp FlowiseDB vulnerable to SQL Injection by authenticated users
수정: 2025. 4. 7.
MEDIUM npm
GHSA-9hrv-gvrv-6gf2 Flowise Execute Flow function has an SSRF vulnerability
수정: 2026. 4. 16.
CRITICAL npm
GHSA-9rvc-vf7m-pgm2 · CVE-2026-46442 FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape
수정: 2026. 6. 9.
HIGH 8.8 npm
GHSA-9wc7-mj3f-74xv · CVE-2026-41137 Flowise: Code Injection in CSVAgent leads to Authenticated RCE
수정: 2026. 5. 5.
MEDIUM npm
GHSA-c2c9-mfw7-p8hw Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows
수정: 2026. 5. 20.
CRITICAL 9.9 npm
GHSA-c9gw-hvqq-f33r · CVE-2026-40933 Flowise: Authenticated RCE Via MCP Adapters
수정: 2026. 4. 16.
MEDIUM 5.6 npm
GHSA-cc4f-hjpj-g9p8 Flowise: Weak Default JWT Secrets
수정: 2026. 4. 16.
HIGH 7.7 npm
GHSA-cvrr-qhgw-2mm6 · CVE-2026-41268 Flowise: Parameter Override Bypass Remote Command Execution
수정: 2026. 5. 5.
HIGH 8.8 npm
GHSA-cwc3-p92j-g7qm · CVE-2026-30823 Flowise has IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration
수정: 2026. 3. 9.
HIGH 8.3 npm
GHSA-f228-chmx-v6j6 · CVE-2026-41138 Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using `Pandas`.
수정: 2026. 5. 5.
CRITICAL 9.8 npm
GHSA-f6hc-c5jr-878p · CVE-2026-41276 Flowise: resetPassword Authentication Bypass Vulnerability
수정: 2026. 5. 5.
MEDIUM 6.1 npm
GHSA-fccx-2pwj-hrq7 · CVE-2024-36423 Flowise Cross-site Scripting in /api/v1/public-chatflows/id
수정: 2024. 8. 5.
HIGH 7.1 npm
GHSA-fvcw-9w9r-pxc7 · CVE-2026-31829 Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access
수정: 2026. 4. 10.
CRITICAL npm
GHSA-h42x-xx2q-6v6g Flowise Pre-auth Arbitrary File Upload
수정: 2025. 3. 13.
HIGH 7.5 npm
GHSA-h997-3fxj-p5j8 · CVE-2024-36420 Flowise Path Injection at /api/v1/openai-assistants-file
수정: 2024. 8. 5.
HIGH 8.8 npm
GHSA-hmg2-jjjx-jcp2 · CVE-2026-46444 FlowiseAI: Vector Store No Permission Checks
수정: 2026. 6. 11.
CRITICAL 9.8 npm
GHSA-hmgh-466j-fx4c · CVE-2025-55346 Flowise vulnerable to RCE via Dynamic function constructor injection
수정: 2025. 10. 6.
HIGH npm
GHSA-hp26-q66v-q2w7 · CVE-2026-46441 FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment
수정: 2026. 6. 9.
HIGH 7.5 npm
GHSA-hr92-4q35-4j3m · CVE-2025-59527 FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
수정: 2025. 9. 22.
HIGH 7.7 npm
GHSA-j44m-5v8f-gc9c Flowise is vulnerable to arbitrary file exposure through its ReadFileTool
수정: 2026. 2. 4.
HIGH npm
GHSA-j8g8-j7fc-43v6 · CVE-2026-30821 Flowise has Arbitrary File Upload via MIME Spoofing
수정: 2026. 3. 9.
MEDIUM npm
GHSA-jc5m-wrp2-qq38 Flowise Vulnerable to PII Disclosure on Unauthenticated Forgot Password Endpoint
수정: 2026. 3. 5.
CRITICAL 9.9 npm
GHSA-jv9m-vf54-chjj · CVE-2025-61913 Flowise is vulnerable to arbitrary file write through its WriteFileTool
수정: 2026. 2. 4.
CRITICAL 9.6 npm
GHSA-m5p9-xvxj-64c8 · CVE-2024-9148 Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting
수정: 2024. 9. 30.
MEDIUM 5.6 npm
GHSA-m7mq-85xj-9x33 Flowise: Weak Default Token Hash Secret
수정: 2026. 4. 16.
MEDIUM npm
GHSA-m837-xvxr-vqwg Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage
수정: 2026. 5. 20.
HIGH npm
GHSA-m99r-2hxc-cp3q Flowise has an MCP Security Bypass that Enables RCE
수정: 2026. 5. 16.
HIGH 7.7 npm
GHSA-mq4r-h2gh-qv7x · CVE-2026-30822 Flowise Allows Mass Assignment in `/api/v1/leads` Endpoint
수정: 2026. 3. 9.
HIGH npm
GHSA-mq53-pc65-wjc4 · CVE-2026-46479 FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover
수정: 2026. 6. 9.
HIGH 7.5 npm
GHSA-php6-83fg-gw3g · CVE-2026-46440 FlowiseAI Exposes Basic Auth Credentials via API
수정: 2026. 6. 9.
CRITICAL 9.8 npm
GHSA-q67q-549q-p849 Flowise has arbitrary file access due to missing chat flow id validation
수정: 2025. 9. 15.
MEDIUM npm
GHSA-qqvm-66q4-vf5c · CVE-2026-43995 Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)
수정: 2026. 5. 13.
HIGH npm
GHSA-r4hh-pcgx-j5r2 · CVE-2025-34267, GHSA-5w3r-f6gm-c25w Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages
수정: 2025. 10. 29.
HIGH 7.1 npm
GHSA-rh7v-6w34-w2rr · CVE-2026-41269 Flowise: File Upload Validation Bypass in createAttachment
수정: 2026. 5. 5.
CRITICAL 9.8 npm
GHSA-v38x-c887-992f · CVE-2026-41265 Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability
수정: 2026. 5. 5.
HIGH npm
GHSA-v5w9-prxf-w882 Flowise has Authentication Bypass Using Unprotected Registration Endpoint (/register)
수정: 2025. 11. 17.
HIGH 7.5 npm
GHSA-w47f-j8rh-wx87 · CVE-2026-41278 Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs
수정: 2026. 5. 5.
MEDIUM npm
GHSA-w6v6-49gh-mc9w Flowise: Path Traversal in Vector Store basePath
수정: 2026. 4. 16.
CRITICAL 9.8 npm
GHSA-wgpv-6j63-x5ph · CVE-2025-58434 Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
수정: 2025. 9. 15.
HIGH npm
GHSA-wvhq-wp8g-c7vq · CVE-2026-30820 Flowise has Authorization Bypass via Spoofed x-request-from Header
수정: 2026. 3. 9.
MEDIUM 6.1 npm
GHSA-wxm4-9f8p-gggv · CVE-2024-37146 Flowise Cross-site Scripting in/api/v1/credentials/id
수정: 2024. 8. 5.
HIGH 8.8 npm
GHSA-wxrr-jp8m-qq7f · CVE-2026-46480 FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover
수정: 2026. 6. 9.
MEDIUM 4.1 npm
GHSA-x2g5-fvc2-gqvp Flowise has Insufficient Password Salt Rounds
수정: 2026. 3. 5.
HIGH npm
GHSA-x5v6-pj28-cwwm · CVE-2026-42862 FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment
수정: 2026. 6. 9.
HIGH 7.5 npm
GHSA-x5w6-38gp-mrqh · CVE-2026-41275 Flowise: Password Reset Link Sent Over Unsecured HTTP
수정: 2026. 5. 5.
HIGH 8.1 npm
GHSA-x7rp-qj2h-ghgw Flowise Fails to Invalidate Existing Sessions After Password Changes
수정: 2025. 11. 14.
HIGH 7.1 npm
GHSA-xhmj-rg95-44hv · CVE-2026-41270 Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox
수정: 2026. 5. 5.