flowise Security Advisories - Npm | Ecosyste.ms: Advisories

High

18 days ago

Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages GSA_kwCzR0hTQS1yNGhoLXBjZ3gtajVyMs4ABNaj

npm flowise

High

22 days ago

Flowise is vulnerable to arbitrary file exposure through its ReadFileTool GSA_kwCzR0hTQS1qNDRtLTV2OGYtZ2M5Y84ABNQ-

npm flowise-components, flowise

Critical

24 days ago

Flowise is vulnerable to arbitrary file write through its WriteFileTool GSA_kwCzR0hTQS1qdjltLXZmNTQtY2hqas4ABNKD

npm flowise-components, flowise

High

24 days ago

FlowiseAI/Flosise has File Upload vulnerability GSA_kwCzR0hTQS0zNWc2LXJydzMtdjZ4Y84ABNIu

npm flowise

Critical

27 days ago

Flowise vulnerable to RCE via Dynamic function constructor injection GSA_kwCzR0hTQS1obWdoLTQ2NmotZng0Y84ABM_s

npm flowise

Moderate

29 days ago

Flowise Stored XSS vulnerability through logs in chatbot GSA_kwCzR0hTQS03cjRoLXZtajktd2c0Ms4ABM7h

npm flowise

Critical

29 days ago

Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel GSA_kwCzR0hTQS05NjRwLWo0Z2ctbWh3Y84ABM7g

npm flowise

Moderate

29 days ago

Flowise vulnerable to XSS GSA_kwCzR0hTQS00ZnI5LTN4NjktMzZ3ds4ABM6z

npm flowise

High

about 2 months ago

Flowise has unsandboxed remote code execution via Custom MCP GSA_kwCzR0hTQS02OTMzLWpweDUtcTg3cc4ABMIl

npm flowise

Critical

about 2 months ago

Flowise has arbitrary file access due to missing chat flow id validation GSA_kwCzR0hTQS1xNjdxLTU0OXEtcDg0Oc4ABMIk

npm flowise

Critical

about 2 months ago

Flowise has an Arbitrary File Read GSA_kwCzR0hTQS05OXBnLWhxdngtcjRnZs4ABMIj

npm flowise

Critical

about 2 months ago

Flowise has Remote Code Execution vulnerability GSA_kwCzR0hTQS0zZ2NtLWY2cXgtZmY3cM4ABMIi

npm flowise

High

about 2 months ago

FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability GSA_kwCzR0hTQS1ocjkyLTRxMzUtNGozbc4ABMIh

npm flowise

Critical

about 2 months ago

FlowiseAI Pre-Auth Arbitrary Code Execution GSA_kwCzR0hTQS03OTQ0LTdjNnItNTV2ds4ABMIg

npm flowise

Critical

about 2 months ago

Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover GSA_kwCzR0hTQS13Z3B2LTZqNjMteDVwaM4ABMB8

npm flowise

Critical

3 months ago

Flowise OS command remote code execution GSA_kwCzR0hTQS0ydnYyLTN4OHgtNGd2N84ABLD2

npm flowise

Moderate

7 months ago

FlowiseDB vulnerable to SQL Injection by authenticated users GSA_kwCzR0hTQS05YzRjLWc5NW0tYzhjcM4ABGhA

npm flowise

Critical

8 months ago

Flowise allows arbitrary file write to RCE GSA_kwCzR0hTQS04dnZ4LXF2cTktNTk0OM4ABFfO

npm flowise

Critical

8 months ago

Flowise Pre-auth Arbitrary File Upload GSA_kwCzR0hTQS1oNDJ4LXh4MnEtNnY2Z84ABFbt

npm flowise

High

8 months ago

FlowiseAI Flowise arbitrary file upload vulnerability GSA_kwCzR0hTQS02OWpxLXFyN3ctajdxaM4ABFFr

npm flowise

High

12 months ago

Flowise OverrideConfig security vulnerability GSA_kwCzR0hTQS01Y3BoLXd2bTktNDVnas4ABBnC

npm flowise

Moderate

about 1 year ago

Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting GSA_kwCzR0hTQS1tNXA5LXh2eGotNjRjOM4AA_wR

npm flowise, flowise-embed

High

about 1 year ago

Flowise Unauthenticated Denial of Service (DoS) vulnerability GSA_kwCzR0hTQS00OHg0LW14OGYtZ3I0aM4AA--P

npm flowise

High

about 1 year ago

Flowise Authentication Bypass vulnerability GSA_kwCzR0hTQS0ycTR3LXg4aDItMmZ2aM4AA--Q

npm flowise

Moderate

about 1 year ago

Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id GSA_kwCzR0hTQS04NThjLXF4dngtcmc5ds4AA-Y8

npm flowise

Moderate

about 1 year ago

Flowise Cross-site Scripting in api/v1/chatflows/id GSA_kwCzR0hTQS0yamNoLXFjOTYtOWY1Z84AA-Y6

npm flowise

Moderate

about 1 year ago

Flowise Cross-site Scripting in /api/v1/public-chatflows/id GSA_kwCzR0hTQS1mY2N4LTJwd2otaHJxN84AA-Y5

npm flowise

Moderate

about 1 year ago

Flowise Cross-site Scripting in/api/v1/credentials/id GSA_kwCzR0hTQS13eG00LTlmOHAtZ2dnds4AA-Y7

npm flowise

High

about 1 year ago

Flowise Path Injection at /api/v1/openai-assistants-file GSA_kwCzR0hTQS1oOTk3LTNmeGotcDVqOM4AA-Y2

npm flowise

High

about 1 year ago

Flowise Cors Misconfiguration in packages/server/src/index.ts GSA_kwCzR0hTQS02NmYyLXh4Z20tZjZ4cM4AA-Y4

npm flowise

High

over 1 year ago

Flowise vulnerable to code injection via api/v1 GSA_kwCzR0hTQS02d3A2LTIyeDUtcnIzd84AA7Y-

npm flowise

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

flowise

Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages GSA_kwCzR0hTQS1yNGhoLXBjZ3gtajVyMs4ABNaj

Flowise is vulnerable to arbitrary file exposure through its ReadFileTool GSA_kwCzR0hTQS1qNDRtLTV2OGYtZ2M5Y84ABNQ-

Flowise is vulnerable to arbitrary file write through its WriteFileTool GSA_kwCzR0hTQS1qdjltLXZmNTQtY2hqas4ABNKD

FlowiseAI/Flosise has File Upload vulnerability GSA_kwCzR0hTQS0zNWc2LXJydzMtdjZ4Y84ABNIu

Flowise vulnerable to RCE via Dynamic function constructor injection GSA_kwCzR0hTQS1obWdoLTQ2NmotZng0Y84ABM_s

Flowise Stored XSS vulnerability through logs in chatbot GSA_kwCzR0hTQS03cjRoLXZtajktd2c0Ms4ABM7h

Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel GSA_kwCzR0hTQS05NjRwLWo0Z2ctbWh3Y84ABM7g

Flowise vulnerable to XSS GSA_kwCzR0hTQS00ZnI5LTN4NjktMzZ3ds4ABM6z

Flowise has unsandboxed remote code execution via Custom MCP GSA_kwCzR0hTQS02OTMzLWpweDUtcTg3cc4ABMIl

Flowise has arbitrary file access due to missing chat flow id validation GSA_kwCzR0hTQS1xNjdxLTU0OXEtcDg0Oc4ABMIk

Flowise has an Arbitrary File Read GSA_kwCzR0hTQS05OXBnLWhxdngtcjRnZs4ABMIj

Flowise has Remote Code Execution vulnerability GSA_kwCzR0hTQS0zZ2NtLWY2cXgtZmY3cM4ABMIi

FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability GSA_kwCzR0hTQS1ocjkyLTRxMzUtNGozbc4ABMIh

FlowiseAI Pre-Auth Arbitrary Code Execution GSA_kwCzR0hTQS03OTQ0LTdjNnItNTV2ds4ABMIg

Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover GSA_kwCzR0hTQS13Z3B2LTZqNjMteDVwaM4ABMB8

Flowise OS command remote code execution GSA_kwCzR0hTQS0ydnYyLTN4OHgtNGd2N84ABLD2

FlowiseDB vulnerable to SQL Injection by authenticated users GSA_kwCzR0hTQS05YzRjLWc5NW0tYzhjcM4ABGhA

Flowise allows arbitrary file write to RCE GSA_kwCzR0hTQS04dnZ4LXF2cTktNTk0OM4ABFfO

Flowise Pre-auth Arbitrary File Upload GSA_kwCzR0hTQS1oNDJ4LXh4MnEtNnY2Z84ABFbt

FlowiseAI Flowise arbitrary file upload vulnerability GSA_kwCzR0hTQS02OWpxLXFyN3ctajdxaM4ABFFr

Flowise OverrideConfig security vulnerability GSA_kwCzR0hTQS01Y3BoLXd2bTktNDVnas4ABBnC

Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting GSA_kwCzR0hTQS1tNXA5LXh2eGotNjRjOM4AA_wR

Flowise Unauthenticated Denial of Service (DoS) vulnerability GSA_kwCzR0hTQS00OHg0LW14OGYtZ3I0aM4AA--P

Flowise Authentication Bypass vulnerability GSA_kwCzR0hTQS0ycTR3LXg4aDItMmZ2aM4AA--Q

Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id GSA_kwCzR0hTQS04NThjLXF4dngtcmc5ds4AA-Y8

Flowise Cross-site Scripting in api/v1/chatflows/id GSA_kwCzR0hTQS0yamNoLXFjOTYtOWY1Z84AA-Y6

Flowise Cross-site Scripting in /api/v1/public-chatflows/id GSA_kwCzR0hTQS1mY2N4LTJwd2otaHJxN84AA-Y5

Flowise Cross-site Scripting in/api/v1/credentials/id GSA_kwCzR0hTQS13eG00LTlmOHAtZ2dnds4AA-Y7

Flowise Path Injection at /api/v1/openai-assistants-file GSA_kwCzR0hTQS1oOTk3LTNmeGotcDVqOM4AA-Y2

Flowise Cors Misconfiguration in packages/server/src/index.ts GSA_kwCzR0hTQS02NmYyLXh4Z20tZjZ4cM4AA-Y4

Flowise vulnerable to code injection via api/v1 GSA_kwCzR0hTQS02d3A2LTIyeDUtcnIzd84AA7Y-

Filter by Severity