HIGH 7.6 npm
Flowise Vulnerable to SQL Injection via `tableName` Parameter
GHSA-gjx9-wg9x-7gvp · CVE-2025-29189
Published · Modified
Description
Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName parameter at Postgres_VectorStores.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-29189
- WEB https://github.com/FlowiseAI/Flowise/pull/3818
- WEB https://github.com/FlowiseAI/Flowise/commit/9a417bdc95f58d6dd92cbf60dad42414aba34754
- WEB https://drive.google.com/file/d/1WHPslTmQmAM9xPJifULS2qAo7hcidB4L/view?usp=sharing
- PACKAGE https://github.com/FlowiseAI/Flowise
Ready to move
Start Securing
Free, no credit card | First findings in minutes