FlowiseAI — Vulnerabilities & Security Advisories (46)

Browse all 46 CVE security advisories affecting FlowiseAI. AI-powered Chinese analysis, POCs, and references for each vulnerability.

FlowiseAI is an open-source platform designed to simplify the development of custom Large Language Model applications by enabling users to construct complex AI workflows through a visual drag-and-drop interface. This accessibility, however, has correlated with a significant security footprint, currently encompassing 43 recorded Common Vulnerabilities and Exposures. Historical analysis reveals that these flaws predominantly stem from insufficient input validation and improper access controls, leading to frequent instances of Remote Code Execution and Cross-Site Scripting. Additionally, several incidents highlight critical privilege escalation risks where authenticated users could bypass intended restrictions to access sensitive system resources. The platform’s modular architecture often introduces supply chain dependencies that further expand the attack surface. While the tool facilitates rapid AI integration, its security posture remains a concern for enterprises, necessitating rigorous patch management and strict network segmentation to mitigate the potential for exploitation in production environments.

Found 45 results / 46
Top products by FlowiseAI: Flowise, FlowiseChatEmbed
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-61687 | FlowiseAI/Flosise has File Upload vulnerability | Flowise | CWE-434 | 8.3 | High | 2025-10-06 |
| CVE-2025-50538 | Flowise security vulnerability | Flowise | CWE-79 | 8.2 | High | 2025-10-06 |
| CVE-2025-29192 | Flowise security vulnerability | Flowise | CWE-79 | 8.2 | High | 2025-10-06 |
| CVE-2025-59528 | Flowise has Remote Code Execution vulnerability | Flowise | CWE-94 | 10.0 | Critical | 2025-09-22 |
| CVE-2025-59527 | FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability | Flowise | CWE-918 | 7.5 | High | 2025-09-22 |
| CVE-2025-59434 | Critical Multi-Tenant Variable Disclosure in Flowise Cloud via Custom JavaScript Function | Flowise | CWE-200 | 9.6 | Critical | 2025-09-22 |
| CVE-2025-58434 | Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover | Flowise | CWE-306 | 9.8 | Critical | 2025-09-12 |
| CVE-2024-8181 | Flowise Authentication Bypass | Flowise | | 9.8 | Critical | 2024-08-27 |
| CVE-2024-8182 | Flowise Denial of Service | Flowise | | 7.5 | High | 2024-08-27 |
| CVE-2024-37146 | GHSL-2023-248: Flowise xss in /api/v1/credentials/id | Flowise | CWE-79 | 6.1 | Medium | 2024-07-01 |
| CVE-2024-37145 | GHSL-2023-247: Flowise xss in /api/v1/chatflows-streaming/id | Flowise | CWE-79 | 6.1 | Medium | 2024-07-01 |
| CVE-2024-36423 | GHSL-2023-246: Flowise xss in /api/v1/public-chatflows/id | Flowise | CWE-79 | 6.1 | Medium | 2024-07-01 |
| CVE-2024-36422 | GHSL-2023-245: Flowise xss in api/v1/chatflows/id | Flowise | CWE-79 | 6.1 | Medium | 2024-07-01 |
| CVE-2024-36421 | GHSL-2023-234: Flowise Cors Misconfiguration in packages/server/src/index.ts | Flowise | CWE-346 | 7.5 | High | 2024-07-01 |
| CVE-2024-36420 | GHSL-2023-232: Flowise Path Injection at /api/v1/openai-assistants-file | Flowise | CWE-74 | 7.5 | High | 2024-07-01 |

This page lists every published CVE security advisory associated with FlowiseAI. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.