Browse all 32 CVE security advisories affecting langgenius. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Langgenius is an open-source, self-hosted large language model application development platform that lets organizations build and deploy custom AI interfaces. With thirty-two recorded Common Vulnerabilities and Exposures, the software has a history of significant security flaws, primarily remote code execution, cross-site scripting, and broken access control. These vulnerabilities often stem from improper input validation and insufficient authentication checks in the application’s API layers. Several incidents have highlighted critical privilege escalation risks that allow unauthorized users to gain administrative access or execute arbitrary commands on the host system. The platform’s architecture, which relies heavily on external dependencies and complex integrations, enlarges its attack surface. While the platform is designed for enterprise flexibility, these recurring issues underscore the need for rigorous patch management and strict configuration controls so that malicious actors cannot exploit them to compromise the underlying infrastructure.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-11821 | Privilege Escalation in langgenius/dify | langgenius/dify | CWE-250 | 5.7 | - | 2025-03-20 |
| CVE-2025-1796 | Admin account takeover through weak Pseudo-Random number generator used in generating password reset codes in langgenius/dify | langgenius/dify | CWE-338 | 8.8 | - | 2025-03-20 |
This page lists every published CVE security advisory associated with langgenius. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.