Browse all 46 CVE security advisories affecting FlowiseAI. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FlowiseAI is an open-source platform designed to simplify the development of custom Large Language Model applications by enabling users to construct complex AI workflows through a visual drag-and-drop interface. This accessibility, however, has correlated with a significant security footprint, currently encompassing 43 recorded Common Vulnerabilities and Exposures. Historical analysis reveals that these flaws predominantly stem from insufficient input validation and improper access controls, leading to frequent instances of Remote Code Execution and Cross-Site Scripting. Additionally, several incidents highlight critical privilege escalation risks where authenticated users could bypass intended restrictions to access sensitive system resources. The platform’s modular architecture often introduces supply chain dependencies that further expand the attack surface. While the tool facilitates rapid AI integration, its security posture remains a concern for enterprises, necessitating rigorous patch management and strict network segmentation to mitigate the potential for exploitation in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-9148 | Flowise Stored Cross-Site Scripting — FlowiseChatEmbedCWE-79 | 9.6 | Critical | 2024-09-24 |
This page lists every published CVE security advisory associated with FlowiseAI. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.