Lucene search
K

40 matches found

Snyk
Snyk
added 2026/04/16 9:18 p.m.9 views

Command Injection

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Command Injection via the Custom MCP configuration in http://localhost:3000/canvas. An attacker can execute arbitrary commands on the underlying operating system by supplying crafted argument...

9.9CVSS6.3AI score0.01987EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/11 12:24 a.m.6 views

Server-side Request Forgery (SSRF)

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the HTTP Node as it is used in AgentFlow and Chatflow. An attacker can access internal network resources, retrieve sensitive information, or modify and...

9.4CVSS5.8AI score0.023EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/02/11 10:23 p.m.8 views

@cognigy/cognigy-cli (>=1.9.7 <=2.1.0), @meta-1/nest-ai (>=0.0.1 <=0.0.5) +10 more potentially affected by CVE-2026-26019 via @langchain/community (>=1.0.0 <=1.1.12)

@langchain/community NPM version =1.0.0, =1.9.7, =0.0.1, =0.2.0, =0.0.16, =1.4.13, =1.0.24, =1.0.0, =3.1.0, =0.3.0, =0.0.210, =0.1.1, =0.1.2 Source cves: CVE-2026-26019 Source advisory: SNYK:JS-LANGCHAINCOMMUNITY-15268428...

4.1CVSS7.5AI score0.00371EPSS
Exploits0
Snyk
Snyk
added 2025/10/14 9:30 p.m.2 views

Arbitrary Command Injection

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Arbitrary Command Injection via the nodevm execution environment when integrated modules such as Puppeteer or Playwright are used with attacker-controlled browser binary paths and parameters...

9.9CVSS7.9AI score0.50789EPSS
Exploits2References2
vulnersOsv
vulnersOsv
added 2025/10/10 10:55 p.m.6 views

copilot-studio-datainsight (>=0.0.1 <=0.0.6), flowise (>=1.6.1 <=2.2.8) potentially affected by CVE-2025-61913 via flowise-components (>=1.3.4 <=2.2.8)

flowise-components NPM version =1.3.4, =0.0.1, =1.6.1, =2.2.8 Source cves: CVE-2025-61913 Source advisory: OSV:GHSA-J44M-5V8F-GC9C...

9.9CVSS5.8AI score0.12115EPSS
Exploits1
Snyk
Snyk
added 2025/10/09 3:21 p.m.7 views

Directory Traversal

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Directory Traversal via the WriteFile and ReadFile tools. An attacker can gain full control over the server, including executing arbitrary commands, by supplying crafted file paths that allow...

9.9CVSS7.4AI score0.12115EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2025/10/09 3:21 p.m.7 views

copilot-studio-datainsight (>=0.0.1 <=0.0.6), flowise (>=1.6.1 <=2.2.8) potentially affected by CVE-2025-61913 via flowise-components (>=1.3.4 <=2.2.8)

flowise-components NPM version =1.3.4, =0.0.1, =1.6.1, =2.2.8 Source cves: CVE-2025-61913 Source advisory: OSV:GHSA-JV9M-VF54-CHJJ...

9.9CVSS5.8AI score0.12115EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/09/15 8:11 p.m.8 views

flowise (>=2.0.0 <=2.2.8) potentially affected by unknown CVE via flowise-components (=2.2.8)

flowise-components NPM version =2.2.8 is affected by a known vulnerability. The following packages have a transitive dependency on flowise-components and may be impacted: - flowise =2.0.0, =2.2.8 Source cves: unknown CVE Source advisory: SNYK:JS-FLOWISECOMPONENTS-12878598...

5.8AI score
Exploits0
Snyk
Snyk
added 2025/09/15 8:11 p.m.3 views

Path Traversal

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Path Traversal via improper validation of the user-supplied chatflowid identifier in the addBase64FilesToStorage function. An attacker can access or modify arbitrary files, execute code, or...

9.1CVSS7.5AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 8:0 p.m.2 views

Directory Traversal

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Directory Traversal via improper validation of the chatId parameter in the file access process. An attacker can access sensitive files on the server filesystem, including database files...

9.1CVSS7.8AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:59 p.m.5 views

Arbitrary Code Injection

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Arbitrary Code Injection via the convertToValidJSONString function. An attacker can execute arbitrary JavaScript code with full server privileges by supplying malicious input to the...

10CVSS7.7AI score0.90183EPSS
Exploits21References2
vulnersOsv
vulnersOsv
added 2025/09/15 7:59 p.m.7 views

flowise (>=2.0.0 <=2.2.8) potentially affected by CVE-2025-59528 via flowise-components (=2.2.8)

flowise-components NPM version =2.2.8 is affected by a known vulnerability. The following packages have a transitive dependency on flowise-components and may be impacted: - flowise =2.0.0, =2.2.8 Source cves: CVE-2025-59528 Source advisory: SNYK:JS-FLOWISECOMPONENTS-12818376...

10CVSS7.3AI score0.90183EPSS
Exploits21
vulnersOsv
vulnersOsv
added 2025/09/15 7:53 p.m.16 views

flowise (>=1.6.1 <=2.2.8) potentially affected by CVE-2025-59527 via flowise-components (>=1.8.6 <=2.2.8)

flowise-components NPM version =1.8.6, =1.6.1, =2.2.8 Source cves: CVE-2025-59527 Source advisory: SNYK:JS-FLOWISECOMPONENTS-12840076...

7.5CVSS5.8AI score0.04666EPSS
Exploits1
Snyk
Snyk
added 2025/09/15 7:53 p.m.3 views

Server-side Request Forgery (SSRF)

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch function in the fetch-links feature when user-supplied URLs are not validated. An attacker can access internal network resources and sensitive...

8.7CVSS6.6AI score0.04666EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/15 7:51 p.m.3 views

Arbitrary Code Injection

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Arbitrary Code Injection via the supabaseRPCFilter parameter. An attacker with administrative privileges can execute arbitrary server-side code, access sensitive environment variables, and...

9.1CVSS7.8AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/09/15 7:51 p.m.12 views

flowise (>=1.6.1 <=2.2.8) potentially affected by unknown CVE via flowise-components (>=1.8.6 <=2.2.8)

flowise-components NPM version =1.8.6, =1.6.1, =2.2.8 Source cves: unknown CVE Source advisory: SNYK:JS-FLOWISECOMPONENTS-12818395...

5.8AI score
Exploits0
Snyk
Snyk
added 2025/08/14 10:43 a.m.1 views

Arbitrary Code Injection

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Arbitrary Code Injection due to the unsafe implementation of a dynamic Function constructor. An attacker can execute arbitrary JavaScript code on the server by sending a crafted POST request...

9.8CVSS7.8AI score0.1742EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/08/14 10:43 a.m.6 views

@proompter/demo-next (>=0.0.16 <=0.0.19), @proompter/flowise (>=1.4.13 <=1.4.14) +2 more potentially affected by CVE-2025-8943 via flowise-components (>=1.3.4 <=3.1.2)

flowise-components NPM version =1.3.4, =0.0.16, =1.4.13, =0.0.1, =1.0.0, =3.1.2 Source cves: CVE-2025-8943 Source advisory: SNYK:JS-FLOWISECOMPONENTS-11953677...

9.8CVSS6AI score0.70866EPSS
Exploits3
Snyk
Snyk
added 2025/08/14 10:43 a.m.3 views

Command Injection

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Command Injection via the CustomMCP class. An attacker can gain unauthorized remote access and execute arbitrary operating system commands by sending crafted requests over the network. This i...

9.8CVSS8.2AI score0.70866EPSS
Exploits3References2
Veracode
Veracode
added 2025/04/18 5:12 a.m.36 views

SQL Injection

flowise-components is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the tableName parameter in PostgresVectorStore, which allows an attacker to execute arbitrary SQL commands...

7.6CVSS7.7AI score0.00271EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder