npm package
flowise
pkg:npm/flowise
Vulnerabilities (63)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-30820 | — | — | — | < 3.0.13 | 3.0.13 | Mar 7, 2026 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/** authorization checks. |
| CVE-2025-57164 | — | — | — | >= 3.0.5, < 3.0.6 | 3.0.6 | Oct 17, 2025 | Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field. |
| CVE-2025-34267 | — | — | — | >= 3.0.1, < 3.0.8 | 3.0.8 | Oct 14, 2025 | Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) within the nodevm execution environment. An |
| CVE-2025-61913 | — | — | — | < 3.0.8 | 3.0.8 | Oct 8, 2025 | Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitr |
| CVE-2025-61687 | — | — | — | >= 3.0.7, < 3.0.8 | 3.0.8 | Oct 6, 2025 | Flowise is a drag & drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.0.7 of FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store maliciou |
| CVE-2025-50538 | — | — | — | < 3.0.8 | 3.0.8 | Oct 6, 2025 | Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log. |
| CVE-2025-29192 | — | — | — | < 3.0.5 | 3.0.5 | Oct 6, 2025 | Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log. |
| CVE-2025-59528 | — | — | — | >= 3.0.5, < 3.0.6 | 3.0.6 | Sep 22, 2025 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses th |
| CVE-2025-59527 | — | — | — | >= 3.0.5, < 3.0.6 | 3.0.6 | Sep 22, 2025 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to us |
| CVE-2025-58434 | — | — | — | < 3.0.6 | 3.0.6 | Sep 12, 2025 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the `forgot-password` endpoint in Flowise returns sensitive information including a valid password reset `tempToken` without authentication or verification. This |
| CVE-2025-55346 | Critical | 9.8 | — | <= 2.2.7-patch.1 | — | Aug 14, 2025 | User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request. |
| CVE-2025-8943 | — | — | — | <= 3.0.5 | — | Aug 14, 2025 | The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versio |
| CVE-2025-26319 | — | — | — | <= 2.2.6 | — | Mar 4, 2025 | FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments. |
| CVE-2024-9148 | — | — | — | < 2.1.1 | 2.1.1 | Sep 24, 2024 | Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0. |
| CVE-2024-8181 | — | — | — | <= 1.8.2 | — | Aug 27, 2024 | An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality. |
| CVE-2024-8182 | — | — | — | <= 1.8.2 | — | Aug 27, 2024 | An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint. |
| CVE-2024-37146 | — | — | — | <= 1.4.3 | — | Jul 1, 2024 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/credentials/id` endpoint. If the default configuration is used (unauthenticated), an attacke |
| CVE-2024-37145 | — | — | — | <= 1.4.3 | — | Jul 1, 2024 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/chatflows-streaming/id` endpoint. If the default configuration is used (unauthenticated), an |
| CVE-2024-36423 | — | — | — | <= 1.4.3 | — | Jul 1, 2024 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/public-chatflows/id` endpoint. If the default configuration is used (unauthenticated), an at |
| CVE-2024-36422 | — | — | — | <= 1.4.3 | — | Jul 1, 2024 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `api/v1/chatflows/id` endpoint. If the default configuration is used (unauthenticated), an attacker m |
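As an added worked example (not part of this advisory listing and not code from the Flowise project), the following Python script checks an installed `flowise` version against the affected ranges in the table above. The `ADVISORIES` list is transcribed from the table; the range grammar (`<`, `<=`, `>=`, comma-separated conjunctions) is the one the table uses; the function names `parse_version`, `compare`, `is_affected` and `affected_cves` are mine. Version precedence is implemented by hand under the assumption that Flowise tags follow npm semver, which is what makes the `<= 2.2.7-patch.1` bound on CVE-2025-55346 behave correctly: a pre-release tag sorts below the bare release, so `2.2.7-patch.1` is inside that range while `2.2.7` is outside it.

```python
import re

# Advisory rows transcribed from the table above: (CVE id, affected range as listed).
ADVISORIES = [
    ("CVE-2026-30820", "< 3.0.13"),
    ("CVE-2025-57164", ">= 3.0.5, < 3.0.6"),
    ("CVE-2025-34267", ">= 3.0.1, < 3.0.8"),
    ("CVE-2025-61913", "< 3.0.8"),
    ("CVE-2025-61687", ">= 3.0.7, < 3.0.8"),
    ("CVE-2025-50538", "< 3.0.8"),
    ("CVE-2025-29192", "< 3.0.5"),
    ("CVE-2025-59528", ">= 3.0.5, < 3.0.6"),
    ("CVE-2025-59527", ">= 3.0.5, < 3.0.6"),
    ("CVE-2025-58434", "< 3.0.6"),
    ("CVE-2025-55346", "<= 2.2.7-patch.1"),
    ("CVE-2025-8943", "<= 3.0.5"),
    ("CVE-2025-26319", "<= 2.2.6"),
    ("CVE-2024-9148", "< 2.1.1"),
    ("CVE-2024-8181", "<= 1.8.2"),
    ("CVE-2024-8182", "<= 1.8.2"),
    ("CVE-2024-37146", "<= 1.4.3"),
    ("CVE-2024-37145", "<= 1.4.3"),
    ("CVE-2024-36423", "<= 1.4.3"),
    ("CVE-2024-36422", "<= 1.4.3"),
]

# One constraint as written in the table: optional operator, whitespace, a version string.
_CONSTRAINT = re.compile(r"^(<=|>=|<|>|=)?\s*([0-9][0-9A-Za-z.\-]*)$")


def parse_version(text):
    """Split '2.2.7-patch.1' into ((2, 2, 7), ('patch', 1)); a bare '3.0.13' has no pre-release part."""
    core, _, pre = text.strip().partition("-")
    nums = tuple(int(n) for n in core.split("."))
    nums += (0,) * (3 - len(nums))  # pad '3.0' to (3, 0, 0)
    pre_ids = None
    if pre:
        # Numeric identifiers compare as integers, the rest as strings (semver 2.0 section 11).
        pre_ids = tuple(int(p) if p.isdigit() else p for p in pre.split("."))
    return nums, pre_ids


def _cmp_pre(a, b):
    """Pre-release precedence: no tag > any tag; then identifier by identifier, numeric < alphanumeric."""
    if a is None and b is None:
        return 0
    if a is None:
        return 1
    if b is None:
        return -1
    for x, y in zip(a, b):
        if x == y:
            continue
        if isinstance(x, int) and isinstance(y, int):
            return -1 if x < y else 1
        if isinstance(x, int):
            return -1
        if isinstance(y, int):
            return 1
        return -1 if x < y else 1
    return (len(a) > len(b)) - (len(a) < len(b))  # shorter identifier list sorts lower


def compare(a, b):
    """Return -1, 0 or 1 for version a <, == or > version b under semver precedence."""
    (core_a, pre_a), (core_b, pre_b) = parse_version(a), parse_version(b)
    if core_a != core_b:
        return -1 if core_a < core_b else 1
    return _cmp_pre(pre_a, pre_b)


def satisfies(version, constraint):
    m = _CONSTRAINT.match(constraint.strip())
    if not m:
        raise ValueError(f"unrecognised constraint: {constraint!r}")
    op, bound = m.group(1) or "=", m.group(2)
    c = compare(version, bound)
    return {"<": c < 0, "<=": c <= 0, ">": c > 0, ">=": c >= 0, "=": c == 0}[op]


def is_affected(version, range_text):
    """A comma-separated range such as '>= 3.0.5, < 3.0.6' is a conjunction of constraints."""
    return all(satisfies(version, part) for part in range_text.split(","))


def affected_cves(version):
    """CVE ids from the table whose listed affected range contains this version, in table order."""
    return [cve for cve, rng in ADVISORIES if is_affected(version, rng)]


if __name__ == "__main__":
    import sys

    # Pass the version reported by `npm ls flowise`; 3.0.5 is used here as a constructed sample.
    version = sys.argv[1] if len(sys.argv) > 1 else "3.0.5"
    hits = affected_cves(version)
    print(f"flowise {version}: {len(hits)} listed advisories apply")
    for cve in hits:
        print("  ", cve)
```

Two caveats a version check cannot express, both visible in the table: the description of CVE-2025-34267 says versions at or after 3.0.8 remain affected when `ALLOW_BUILTIN_DEP` is enabled, so a clean result for 3.0.8+ still depends on that setting; and a few rows carry ranges that do not match their own description (CVE-2025-57164 says "through v3.0.4" but is listed as `>= 3.0.5, < 3.0.6`; CVE-2025-50538 says "before 3.0.5" but lists 3.0.8 as the fix). The script follows the listed ranges; confirm against the upstream advisory before closing a finding.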
Page 3 of 4