Vendor CVEs
Langgenius
All CVEs
41 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|---|
| CVE-2026-41948 | Critical | 0.54 | 9.4 | 0.01 | May 18, 2026 | Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant… |
| CVE-2026-41947 | Critical | 0.52 | 9.1 | 0.00 | May 18, 2026 | Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace… |
| CVE-2026-6618 | Medium | 0.41 | 6.3 | 0.00 | Apr 20, 2026 | A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to… |
| CVE-2026-41950 | Medium | 0.35 | 6.5 | 0.00 | May 5, 2026 | Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request.… |
| CVE-2026-6617 | Medium | 0.34 | 6.3 | 0.00 | Apr 20, 2026 | A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing a manipulation of the argument… |
| CVE-2026-42138 | Medium | 0.33 | 6.1 | 0.00 | May 4, 2026 | Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/files/upload, which requires authentication through the application API, is also… |
| CVE-2026-41949 | Medium | 0.31 | 5.9 | 0.00 | May 18, 2026 | Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access… |
| CVE-2026-6619 | Low | 0.23 | 3.5 | 0.00 | Apr 20, 2026 | A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The… |
| CVE-2026-34082 | Medium | 0.21 | 4.3 | 0.00 | Apr 20, 2026 | Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps//conversations/` has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version… |
| CVE-2025-63387 | — | 0.02 | — | 0.28 | Dec 18, 2025 | Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/system-features endpoint without any authentication credentials or session tokens. The endpoint fails to implement proper authorization checks,… |
| CVE-2026-21866 | — | 0.00 | — | 0.00 | Mar 3, 2026 | Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify's default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe… |
| CVE-2026-28288 | — | 0.00 | — | 0.01 | Feb 27, 2026 | Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue. |
| CVE-2026-26023 | — | 0.00 | — | 0.00 | Feb 11, 2026 | Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed.… |
| CVE-2025-67732 | — | 0.00 | — | 0.00 | Jan 5, 2026 | Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited… |
| CVE-2025-63388 | — | 0.00 | — | 0.00 | Dec 18, 2025 | A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials:… |
| CVE-2025-63386 | — | 0.00 | — | 0.00 | Dec 18, 2025 | A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting… |
| CVE-2025-56157 | — | 0.00 | — | 0.01 | Dec 18, 2025 | Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL (on TCP port 5432) exposed by default in version… |
| CVE-2025-11750 | — | 0.00 | — | 0.01 | Oct 22, 2025 | In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or registration attempt is made with a non-existent username or… |
| CVE-2025-58747 | — | 0.00 | — | 0.05 | Oct 17, 2025 | Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the… |
| CVE-2025-56520 | — | 0.00 | — | 0.01 | Sep 30, 2025 | Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. A different vulnerability than CVE-2025-29720. |
| CVE-2025-59422 | — | 0.00 | — | 0.00 | Sep 25, 2025 | Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /console/api/apps/<APP_ID>chat-messages?conversation_id=<CONVERSATION_ID>&limit=10 endpoint allows users in the same workspace to read chat messages of other… |
| CVE-2025-3467 | — | 0.00 | — | 0.00 | Jul 7, 2025 | An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation… |
| CVE-2025-3466 | — | 0.00 | — | 0.01 | Jul 7, 2025 | langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox… |
| CVE-2025-49149 | — | 0.00 | — | 0.00 | Jun 17, 2025 | Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting (XSS)… |
| CVE-2025-43854 | — | 0.00 | — | 0.00 | Apr 28, 2025 | DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or… |
| CVE-2025-43862 | — | 0.00 | — | 0.00 | Apr 25, 2025 | Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make… |
| CVE-2025-32796 | — | 0.00 | — | 0.00 | Apr 18, 2025 | Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to… |
| CVE-2025-32795 | — | 0.00 | — | 0.00 | Apr 18, 2025 | Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app… |
| CVE-2025-32790 | — | 0.00 | — | 0.00 | Apr 18, 2025 | Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL.… |
| CVE-2025-29720 | — | 0.00 | — | 0.00 | Apr 14, 2025 | Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. |
| CVE-2025-0184 | — | 0.00 | — | 0.00 | Mar 20, 2025 | A Server-Side Request Forgery (SSRF) vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL… |
| CVE-2024-11850 | — | 0.00 | — | 0.00 | Mar 20, 2025 | A stored cross-site scripting (XSS) vulnerability exists in the latest version of langgenius/dify. The vulnerability is due to improper validation and sanitization of user input in SVG markdown support within the chatbot feature. An attacker can exploit this vulnerability by… |
| CVE-2024-12776 | — | 0.00 | — | 0.01 | Mar 20, 2025 | In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulnerability can lead to a complete compromise of the application. |
| CVE-2024-10252 | — | 0.00 | — | 0.01 | Mar 20, 2025 | A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. This vulnerability enables an attacker to execute arbitrary Python code with root privileges within the sandbox environment, potentially leading… |
| CVE-2024-12039 | — | 0.00 | — | 0.01 | Mar 20, 2025 | langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the number of code guess attempts for password reset. This allows an unauthenticated attacker to reset owner, admin, or other user passwords within a few hours by guessing the six-digit… |
| CVE-2024-12775 | — | 0.00 | — | 0.01 | Mar 20, 2025 | langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for the Create Custom Tool option via the REST API `POST /console/api/workspaces/current/tool-provider/api/test/pre`. Attackers can set the `url` in the `servers`… |
| CVE-2024-11822 | — | 0.00 | — | 0.01 | Mar 20, 2025 | langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. The vulnerability exists due to improper handling of the api_endpoint parameter, allowing an attacker to make direct requests to internal network services. This can lead to unauthorized… |
| CVE-2025-0185 | — | 0.00 | — | 0.01 | Mar 20, 2025 | A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. The vulnerability occurs in the function `vn.get_training_plan_generic(df_information_schema)`, which does not properly sanitize user… |
| CVE-2024-11824 | — | 0.00 | — | 0.00 | Mar 20, 2025 | A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. The vulnerability arises because certain HTML tags like and are not disallowed, allowing an attacker to inject malicious HTML… |
| CVE-2024-11821 | — | 0.00 | — | 0.00 | Mar 20, 2025 | A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on… |
| CVE-2025-1796 | — | 0.00 | — | 0.01 | Mar 20, 2025 | A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses `random.randint` for this purpose,… |
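Most of the higher-risk entries in the table (CVE-2026-41949, CVE-2026-41950, CVE-2026-41947, CVE-2026-34082, CVE-2025-59422, and the 0.6.x app-permission entries) share one defect: an object is fetched by the identifier the client supplies, and only authentication, not ownership, is checked. The Python below is an added illustration of that pattern and of the tenant-scoped lookup that fixes it. It is not Dify's code; the `Account`, `UploadFile` and `FILES` fixtures, the role names and the UUIDs are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict


class NotFound(Exception):
    """404: the caller learns nothing about objects outside its tenant."""


class Forbidden(Exception):
    """403: the object is in the caller's tenant but the caller may not act on it."""


@dataclass(frozen=True)
class Account:
    id: str
    tenant_id: str
    role: str  # constructed roles: "owner", "admin", "editor", "normal"


@dataclass(frozen=True)
class UploadFile:
    id: str          # the UUID a client supplies in a request
    tenant_id: str
    created_by: str  # Account.id of the uploader
    content: str


# Constructed fixtures: two tenants, three users, one file each.
ALICE = Account("acc-alice", "tenant-A", "normal")
ADMIN_A = Account("acc-admin-a", "tenant-A", "admin")
MALLORY = Account("acc-mallory", "tenant-B", "editor")

FILES: Dict[str, UploadFile] = {
    "0f2b6d9e-1111-4aaa-8bbb-000000000001": UploadFile(
        "0f2b6d9e-1111-4aaa-8bbb-000000000001", "tenant-A", "acc-alice", "alice's private notes"),
    "0f2b6d9e-2222-4aaa-8bbb-000000000002": UploadFile(
        "0f2b6d9e-2222-4aaa-8bbb-000000000002", "tenant-B", "acc-mallory", "mallory's file"),
}


def get_file_by_uuid(file_id: str, caller: Account) -> UploadFile:
    """Vulnerable pattern: authentication was checked upstream, but the lookup
    is by UUID alone, so any logged-in user can read any tenant's file."""
    f = FILES.get(file_id)
    if f is None:
        raise NotFound(file_id)
    return f


def get_file_scoped(file_id: str, caller: Account, *, full_content: bool = False) -> UploadFile:
    """Fixed pattern: the lookup is scoped to the caller's tenant, and a tenant
    mismatch is reported as NotFound rather than Forbidden so the UUID space of
    other tenants cannot be probed. Reading full content additionally requires
    the caller to be the uploader or a tenant admin/owner."""
    f = FILES.get(file_id)
    if f is None or f.tenant_id != caller.tenant_id:
        raise NotFound(file_id)
    if full_content and f.created_by != caller.id and caller.role not in ("owner", "admin"):
        raise Forbidden(file_id)
    return f


def can_configure_app(app_tenant_id: str, caller: Account) -> bool:
    """The same check for mutations on an app (trace configuration, deleting a
    conversation): a role test alone is not enough, the app must also belong
    to the caller's tenant."""
    return caller.tenant_id == app_tenant_id and caller.role in ("owner", "admin", "editor")
```

The ordering inside `get_file_scoped` matters: the tenant filter is part of the lookup itself (in a real ORM, a `WHERE tenant_id = :caller_tenant` clause), not a check bolted on after the row has been loaded, so a forgotten branch cannot leak the object.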
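Six entries are server-side request forgery through a user-supplied URL (CVE-2025-56520, CVE-2025-29720, CVE-2025-0184, CVE-2024-12775, CVE-2024-11822, CVE-2024-10252). The guard below is an added example of the check a fetcher for such URLs should run; it is not Dify's code. It restricts the scheme, refuses embedded credentials, resolves the host and requires every answer to be a public address, and is written so the caller can connect to the vetted address instead of resolving again (the DNS-rebinding caveat). `FAKE_DNS` and `fake_resolver` are constructed so the example runs offline; `system_resolver` is what a deployment would pass.

```python
import ipaddress
import socket
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
Resolver = Callable[[str], List[str]]


def system_resolver(host: str) -> List[str]:
    """Every A/AAAA answer for host, via the OS resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed DNS table for the example: documentation and private ranges only.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1", "::1"],
    "internal.corp": ["10.1.2.3"],
    "rebind.test": ["93.184.216.34", "10.0.0.5"],  # one public and one private answer
}


def fake_resolver(host: str) -> List[str]:
    return FAKE_DNS[host]  # KeyError for unknown names, standing in for NXDOMAIN


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses. IPv4-mapped IPv6
    literals are unwrapped so ::ffff:127.0.0.1 is treated as loopback."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_remote_url(url: str, resolve: Resolver = system_resolver) -> Tuple[bool, str]:
    """Decide whether a user-supplied URL may be fetched server-side.
    Returns (allowed, reason). Every resolved address must be public; a host
    with one public and one private answer is rejected outright."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    try:
        ipaddress.ip_address(host)
        addrs = [host]  # literal address: nothing to resolve
    except ValueError:
        try:
            addrs = resolve(host)
        except (KeyError, OSError) as exc:
            return False, f"unresolvable host {host!r}: {exc!r}"
    if not addrs:
        return False, f"no addresses for {host!r}"
    for addr in addrs:
        try:
            public = is_public_address(addr)
        except ValueError:
            return False, f"malformed address {addr!r}"
        if not public:
            return False, f"{host} resolves to non-public {addr}"
    return True, "ok"
```

Two things this check deliberately does not do: it does not follow redirects (the fetcher must re-run the check on every `Location` it is about to follow, or disable redirects), and it does not trust the hostname string, since `localhost`, a decimal IP such as `2130706433`, or an attacker's own domain pointing at 10.0.0.5 all only reveal themselves after resolution.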
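Three of the March 2025 entries describe the same password-reset flow failing in three different places: the six-digit code came from `random.randint` (CVE-2025-1796), guesses were unlimited (CVE-2024-12039), and the reset endpoint did not verify the code at all (CVE-2024-12776). The following Python is an added example of a reset-code store that closes all three; it is not Dify's implementation. `MAX_ATTEMPTS`, `CODE_TTL_SECONDS` and the `ResetCodeStore` class are assumptions for the example, and the injectable clock exists only so expiry can be tested without sleeping.

```python
import hmac
import random
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict

CODE_DIGITS = 6
MAX_ATTEMPTS = 5         # assumed policy for the example
CODE_TTL_SECONDS = 300   # assumed policy for the example


def weak_reset_code() -> str:
    """The generator CVE-2025-1796 describes. random.randint is Python's
    Mersenne Twister: uniform, but fully reproducible from its internal state,
    so it must never back a security token."""
    return f"{random.randint(0, 10**CODE_DIGITS - 1):0{CODE_DIGITS}d}"


def strong_reset_code() -> str:
    """secrets.randbelow draws from the OS CSPRNG and is unbiased over 10**6."""
    return f"{secrets.randbelow(10**CODE_DIGITS):0{CODE_DIGITS}d}"


def expected_guess_seconds(attempts_per_second: float, digits: int = CODE_DIGITS) -> float:
    """With no attempt cap (CVE-2024-12039) an attacker needs on average half
    the keyspace: 500,000 guesses at 50 req/s is under three hours."""
    return (10**digits / 2) / attempts_per_second


@dataclass
class Challenge:
    code: str
    issued_at: float
    attempts: int = 0


@dataclass
class ResetCodeStore:
    """Constructed server-side store, keyed by account e-mail."""
    now: Callable[[], float] = time.time
    challenges: Dict[str, Challenge] = field(default_factory=dict)

    def issue(self, email: str) -> str:
        code = strong_reset_code()
        self.challenges[email] = Challenge(code=code, issued_at=self.now())
        return code  # delivered to the mailbox, never returned to the HTTP caller

    def verify(self, email: str, candidate: str) -> bool:
        """The reset endpoint must gate on this returning True; CVE-2024-12776
        is a reset endpoint that accepted any code."""
        ch = self.challenges.get(email)
        if ch is None:
            return False
        # Expiry and the attempt cap are checked before the comparison, and a
        # challenge that hits either is discarded, so a correct late guess fails.
        if self.now() - ch.issued_at > CODE_TTL_SECONDS or ch.attempts >= MAX_ATTEMPTS:
            del self.challenges[email]
            return False
        ch.attempts += 1
        if not hmac.compare_digest(ch.code.encode(), candidate.encode()):
            return False
        del self.challenges[email]  # single use
        return True
```

With the attempt cap, an attacker gets at most `MAX_ATTEMPTS` guesses per issued code, a 5 in 10^6 chance per reset request; rate-limiting the issue endpoint per account and per source IP then bounds how often that lottery can be replayed.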
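CVE-2025-63386 and CVE-2025-63388 are the classic CORS misconfiguration: the request `Origin` is echoed into `Access-Control-Allow-Origin` together with `Access-Control-Allow-Credentials: true`, so any page the victim visits can make their browser send the session cookie and read the JSON reply. The Python below is an added example, not Dify's code, showing the reflecting policy, the suffix-match half-fix that is still bypassable, the exact-match allowlist, and the check a tester applies to a response. `ALLOWED_ORIGINS` is a constructed allowlist.

```python
from typing import Dict, Iterable, Optional

# Constructed allowlist for the example; not a Dify configuration value.
ALLOWED_ORIGINS = frozenset({"https://console.example.com", "https://app.example.com"})


def cors_headers_reflecting(origin: Optional[str]) -> Dict[str, str]:
    """Misconfigured policy: whatever Origin arrives is echoed back and
    credentials are allowed, so any site can read authenticated responses."""
    if origin is None:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin"}


def cors_headers_suffix_match(origin: Optional[str]) -> Dict[str, str]:
    """A common half-fix: string suffix matching. Bypassable because
    'https://evilexample.com' also ends with 'example.com'."""
    if origin is None or not origin.endswith("example.com"):
        return {}
    return cors_headers_reflecting(origin)


def cors_headers_allowlisted(origin: Optional[str],
                             allowed: Iterable[str] = ALLOWED_ORIGINS) -> Dict[str, str]:
    """Fixed: exact match against a closed set of scheme+host(+port) strings.
    Anything else gets no CORS headers at all, so the browser withholds the
    response body from the calling page."""
    if origin is None or origin not in set(allowed):
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin"}


def cors_is_exploitable(attacker_origin: str, response_headers: Dict[str, str]) -> bool:
    """What a tester checks on the response to a request sent with an
    attacker-controlled Origin: exploitable when that origin (or 'null', which
    a sandboxed iframe can produce) is echoed and credentials are allowed.
    '*' with credentials is refused by browsers, so it does not count."""
    h = {k.lower(): v for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    acac = h.get("access-control-allow-credentials", "").strip().lower() == "true"
    return acac and acao in (attacker_origin, "null")
```

To reproduce the check against a live endpoint, send the request twice with different made-up `Origin` values and compare the two `Access-Control-Allow-Origin` headers: if they follow the input, the server is reflecting.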