目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

FlowiseAI 厂商漏洞列表 / CVE 中文分析 46

FlowiseAI 厂商相关 46 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

FlowiseAI 是一款开源可视化 LLM 应用构建平台,旨在简化工作流编排。鉴于其已收录 43 条 CVE,历史上常见漏洞涵盖越权访问、SQL 注入及不安全的反序列化等风险,部分严重缺陷甚至导致远程代码执行。该平台虽提升了开发效率,但配置不当易引发数据泄露或系统接管。用户需关注其权限控制机制与依赖组件更新,以缓解潜在的安全威胁,确保生产环境稳定。

上位製品 FlowiseAI: Flowise FlowiseChatEmbed
CVE IDタイトルCVSS深刻度公開日
CVE-2025-61687 FlowiseAI/Flosise has File Upload vulnerability — FlowiseCWE-434 8.3 High2025-10-06
CVE-2025-50538 Flowise 安全漏洞 — FlowiseCWE-79 8.2 High2025-10-06
CVE-2025-29192 Flowise 安全漏洞 — FlowiseCWE-79 8.2 High2025-10-06
CVE-2025-59528 Flowise has Remote Code Execution vulnerability — FlowiseCWE-94 10.0 Critical2025-09-22
CVE-2025-59527 FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability — FlowiseCWE-918 7.5 High2025-09-22
CVE-2025-59434 Critical Multi-Tenant Variable Disclosure in Flowise Cloud via Custom JavaScript Function — FlowiseCWE-200 9.6 Critical2025-09-22
CVE-2025-58434 Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover — FlowiseCWE-306 9.8 Critical2025-09-12
CVE-2024-9148 Flowise Stored Cross-Site Scripting — FlowiseChatEmbedCWE-79 9.6 Critical2024-09-24
CVE-2024-8181 Flowise Authentication Bypass — Flowise 9.8 Critical2024-08-27
CVE-2024-8182 Flowise Denial of Service — Flowise 7.5 High2024-08-27
CVE-2024-37146 GHSL-2023-248: Flowise xss in /api/v1/credentials/id — FlowiseCWE-79 6.1 Medium2024-07-01
CVE-2024-37145 GHSL-2023-247: Flowise xss in /api/v1/chatflows-streaming/id — FlowiseCWE-79 6.1 Medium2024-07-01
CVE-2024-36423 GHSL-2023-246: Flowise xss in /api/v1/public-chatflows/id — FlowiseCWE-79 6.1 Medium2024-07-01
CVE-2024-36422 GHSL-2023-245: Flowise xss in api/v1/chatflows/id — FlowiseCWE-79 6.1 Medium2024-07-01
CVE-2024-36421 GHSL-2023-234: Flowise Cors Misconfiguration in packages/server/src/index.ts — FlowiseCWE-346 7.5 High2024-07-01
CVE-2024-36420 GHSL-2023-232: Flowise Path Injection at /api/v1/openai-assistants-file — FlowiseCWE-74 7.5 High2024-07-01

本页汇总了 FlowiseAI 厂商截至目前公开的全部 46 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。