18 Total advisories
18 Vulnerabilities
0 Malware
Vulnerabilities
UNKNOWN
GHSA-m99r-2hxc-cp3q
Flowise has an MCP Security Bypass that Enables RCE
UNKNOWN
CVE-2026-43995
Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)
HIGH 7.1
CVE-2026-41270
Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox
CRITICAL 9.8
CVE-2026-41265
Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability
HIGH 8.3
CVE-2026-41138
Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using `Pandas`.
HIGH 7.7
CVE-2026-41268
Flowise: Parameter Override Bypass Remote Command Execution
HIGH 8.8
CVE-2026-41137
Flowise: Code Injection in CSVAgent leads to Authenticated RCE
HIGH 7.1
CVE-2026-41271
Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains
CRITICAL 9.8
CVE-2026-41264
Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability
HIGH 7.1
CVE-2026-41272
Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)
UNKNOWN
CVE-2026-41274
Flowise: Cypher Injection in GraphCypherQAChain
UNKNOWN
GHSA-9hrv-gvrv-6gf2
Flowise Execute Flow function has an SSRF vulnerability
UNKNOWN
GHSA-w6v6-49gh-mc9w
Flowise: Path Traversal in Vector Store basePath
CRITICAL 9.9
CVE-2026-40933
Flowise: Authenticated RCE Via MCP Adapters
HIGH 7.1
CVE-2026-31829
Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access
CRITICAL 9.9
CVE-2025-61913
Flowise is vulnerable to arbitrary file write through its WriteFileTool
HIGH 7.7
GHSA-j44m-5v8f-gc9c
Flowise is vulnerable to arbitrary file exposure through its ReadFileTool
HIGH 7.6
CVE-2025-29189
Flowise Vulnerable to SQL Injection via `tableName` Parameter
Ready to move
Start Securing
Free, no credit card | First findings in minutes