PT-2026-34236

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description A flaw exists in the run method of the CSV Agents class due to improper sandboxing when evaluating Python scripts generated by a Large Language Model LLM. An unauthenticated attacker can use prompt...

CVE-2026-27966 Langflow has Remote Code Execution in CSV Agent

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python an...

PT-2026-22107

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.8.0 Description Langflow, a tool for building and deploying AI-powered agents and workflows, contains a flaw in the CSV Agent node. Prior to version 1.8.0, the allow dangerous code parameter is hardcoded to True,...

MAL-2025-41309 Malicious code in montage-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 285d4d62fe8147f0b104cedb1c1bc54ecc1a11483fb2240f89369ddd2de3b7d3 The OpenSSF Package Analysis project identified 'montage-agent' @ 99.0.9 npm as malicious. It is considered malicious because: - The package...

@emberai/agent-node (>=1.1.0 <=1.2.0), @pnpm/beta (>=0.0.0 <=0.0.6-6.17.0) +1 more potentially affected by CVE-2023-37478 via @pnpm/linux-x64 (>=0.0.0 <=7.33.3)

@pnpm/linux-x64 NPM version =0.0.0, =1.1.0, =0.0.0, =6.17.1, =11.5.0 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...

@emberai/agent-node (>=1.1.0 <=1.2.0), @pnpm/beta (>=0.0.0 <=0.0.6-6.17.0) +1 more potentially affected by CVE-2023-37478 via @pnpm/win-x64 (>=0.0.0 <=7.33.3)

@pnpm/win-x64 NPM version =0.0.0, =1.1.0, =0.0.0, =6.17.1, =11.5.0 Source cves: CVE-2023-37478 Source advisory: OSV:GHSA-5R98-F33J-G8H7...