FlowiseAI — Vulnerabilities & Security Advisories (46)

Browse all 46 CVE security advisories affecting FlowiseAI. AI-powered Chinese analysis, POCs, and references for each vulnerability.

FlowiseAI is an open-source platform designed to simplify the development of custom Large Language Model applications by enabling users to construct complex AI workflows through a visual drag-and-drop interface. This accessibility, however, has correlated with a significant security footprint, currently encompassing 43 recorded Common Vulnerabilities and Exposures. Historical analysis reveals that these flaws predominantly stem from insufficient input validation and improper access controls, leading to frequent instances of Remote Code Execution and Cross-Site Scripting. Additionally, several incidents highlight critical privilege escalation risks where authenticated users could bypass intended restrictions to access sensitive system resources. The platform’s modular architecture often introduces supply chain dependencies that further expand the attack surface. While the tool facilitates rapid AI integration, its security posture remains a concern for enterprises, necessitating rigorous patch management and strict network segmentation to mitigate the potential for exploitation in production environments.

Top products by FlowiseAI: Flowise, FlowiseChatEmbed
High · 2026-04-24
Cypher Injection in GraphCypherQAChain · Advisory · FlowiseAI/Flowise · GitHub
High · 2026-04-24
SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox · Advisory · FlowiseAI/Flowise ·
Critical · 2026-04-24
Airtable_Agent Code Injection Remote Code Execution Vulnerability · Advisory · FlowiseAI/Flowise · GitHub
High · 2026-04-24
Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow in Flowise · Advisory · FlowiseAI/Flowise · GitHub
High · CVE-2024-47266 · 2026-04-24
Sensitive Data Leak in public-chatbotConfig · Advisory · FlowiseAI/Flowise · GitHub
High · 2026-04-24
Password Reset Link Sent Over Unsecured HTTP · Advisory · FlowiseAI/Flowise · GitHub
High · CVE-2024-41271 · 2026-04-24
Flowise <= 2.2.1 APIChain Prompt Injection SSRF in GET/POST API Chains · Advisory · FlowiseAI/Flowise · GitHub
High · 2026-04-24
Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using `Pandas`. · Advi
High · 2026-04-24
Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs · Advi
Critical · 2026-04-24
CSV Agent Prompt Injection Remote Code Execution Vulnerability · Advisory · FlowiseAI/Flowise · GitHub
High · CVE-2026-41268 · 2026-04-24
Flowise Parameter Override Bypass Remote Command Execution · Advisory · FlowiseAI/Flowise · GitHub
High · 2026-04-24
Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association · Advisory · FlowiseAI/Fl
High · CVE-2025-41259 · 2026-04-24
File Upload Validation Bypass in createAttachment · Advisory · FlowiseAI/Flowise · GitHub
High · 2026-04-24
SSRF Protection Bypass (TOCTOU & Default Insecure) · Advisory · FlowiseAI/Flowise · GitHub
High · 2026-04-24
Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR) · Advisory · FlowiseAI/
Critical · 2026-04-24
Code Injection in CSVAgent leads to Authenticated RCE · Advisory · FlowiseAI/Flowise · GitHub
High · 2026-04-24
Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials · Adviso

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with FlowiseAI. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.