com.jayxu:demo (>=0.10.0 <=0.11.0), com.okta.spring.examples:okta-spring-boot-hosted-code-flow-example (>=3.0.9 <=3.1.0) +8 more potentially affected by CVE-2026-40972 via org.springframework.boot:spring-boot-devtools (>=4.0.1 <=4.0.3)

org.springframework.boot:spring-boot-devtools MAVEN version =4.0.1, =0.10.0, =3.0.9, =3.0.9, =3.0.9, =3.0.9, =2.0.0, =2.1.1 - de.tschuehly:spring-view-component-thymeleaf =0.9.1 - io.stereov.singularity:core =1.10.6 - org.flowable:flowable-app-rest =8.0.0 - se.swedenconnect.bankid:bankid-idp =1.3...

org.apache.syncope.client.am:syncope-client-am-console (>=3.0.0 <=3.0.15), org.apache.syncope.client.am:syncope-client-am-enduser (>=3.0.12 <=3.0.15) +13 more potentially affected by CVE-2026-23794 via org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui (>=3.0.0 <=3.0.15)

org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui MAVEN version =3.0.0, =3.0.0, =3.0.12, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.15 - org.apache.syncope.ext.saml2sp4ui:syncope-ext-saml2sp4...

Flow code issues and vulnerabilities

Flow is a free and open-source enterprise-level process application developed by FlowwJ, a Chinese developer. It combines technologies such as Flowable to create an integrated process engine solution. There are code issues and vulnerabilities in Flow; these vulnerabilities stem from incorrect...

Flowable 2025.2 Brings Governed Multi-Agent AI Orchestration to Enterprises

Flowable has launched version 2025.2 of its enterprise work orchestration platform, adding support for governed multi-agent AI, impact…...

Gartner Recognizes Flowable in 2025 Magic Quadrant for Business Orchestration and Automation Technologies

ZÜRICH, Switzerland - Flowable, a global provider of enterprise automation and orchestration software, has been recognized in the…...

Governance-Driven Automation: How Flowable Is Redefining Digital Process Management

A newly published independent research report highlights Flowable’s rise in the digital process automation market. Built on open-source…...

Flowable Named in the latest Gartner® Market Guide for BPA Tools

ZURICH, Switzerland - Zurich-based automation platform Flowable has been recognized as a Representative Vendor in the Gartner newly released…...

Flowable’s Smart Automation Tools Are Reshaping How Enterprises Operate in 2025

As more businesses face pressure to do more with fewer resources, automation platforms like Flowable are becoming central…...

A Bootiful Podcast: Flowable cofounder and my friend Joram Barrez on workflow, case management, AI, Spring, and so much more

Hi, Spring fans! In this installment I catch up with my friend Joram Barrez, cofounder of Flowable, an amazing and opensource workflow engine, on their latest and greatest, AI, Spring, and so much more. workflow bpmn apache2 springboot java...

This Week in Spring - August 23rd, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! Weve got a ton to cover, so lets dive right into it! A Bootiful Podcast: Flowable founder Joram Barrez on a Bootiful Podcast on workflow, business process management, and more Building IoT Applications Using Fauna and Spring...

A Bootiful Podcast: Flowable founder Joram Barrez on a Bootiful Podcast on workflow, business process management, and more

Hi, Spring fans! In this installment, Josh Long @starbuxman talks to Flowable founder Joram Barrez @jbarrez about workflow, business process management BPM, decision management, rules, and so much more...

entfrm-bpmn (>=8.6.2 <=8.6.6), entfrm-flowable-designer (>=1.0.0 <=1.2.6) +4 more potentially affected by CVE-2021-23460 via min-dash (=3.5.2)

min-dash NPM version =3.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on min-dash and may be impacted: - entfrm-bpmn =8.6.2, =1.0.0, =2.2.0, =1.0.0, =1.1.3 Source cves: CVE-2021-23460 Source advisory: SNYK:JS-MINDASH-2340605...

Shell command injection in Apache Syncope

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution...

GHSA-P2RP-CMJQ-R7WM Shell command injection in Apache Syncope

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution...

CVE-2020-11977

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution...

CVE-2020-11977

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution...

Remote code execution

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution...

CVE-2020-11977

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution...

Arbitrary Code Execution

syncope-ext-flowable-bpmn is vulnerable to arbitrary code execution. An administrator with workflow entitlements can use Shell Service Tasks to perform arbitrary code execution when the Flowable extension is enabled...