32 matches found
GHSA-8HG8-63C5-GWMX vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution
Summary When a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and executes...
vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape
Summary NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve which does not dereference symlinks but module loading uses Node's...
GHSA-947F-4V7F-X2V8 vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape
Summary NodeVM's builtin allowlist can be bypassed when the module builtin is allowed including via the '*' wildcard. The module builtin exposes Node's Module._load, which loads any module by name directly in the host context, completely bypassing vm2's builtin restriction. This allows sandboxed co...
PT-2026-38390
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description NodeVM's builtin allowlist can be bypassed when the module builtin is allowed, including when the wildcard is used. The module builtin exposes Node's Module._load function, which loads any module by nam...
CVE-2025-34267
Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules Puppeteer and Playwright within the nodevm execution environment. An authenticated attacker...
EUVD-2025-34455
Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages...
Arbitrary Command Injection
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Arbitrary Command Injection via the nodevm execution environment when integrated modules such as Puppeteer or Playwright are used with attacker-controlled browser binary paths and parameters. An authenticat...
Arbitrary Command Injection
Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Arbitrary Command Injection via the nodevm execution environment when integrated modules such as Puppeteer or Playwright are used with attacker-controlled browser binary paths and parameters...
GHSA-R4HH-PCGX-J5R2 Flowise: Authenticated Command Execution and Sandbox Bypass via Puppeteer and Playwright Packages
Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules Puppeteer and Playwright within the nodevm execution environment. An authenticated attacker...
CVE-2025-34267
Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules Puppeteer and Playwright within the nodevm execution environment. An authenticated attacker...
Flowise Security Vulnerability
Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise, which stems from improper use of integration modules in the nodevm execution environment and could allow an authenticated attacker to bypass sandbox restrictions and execute...
PT-2025-42175
Name of the Vulnerable Software and Affected Versions Flowise versions 3.0.1 through 3.0.7 Flowise versions 3.0.8 and later with 'ALLOW_BUILTIN_DEP' enabled Description The software contains an authenticated remote code execution issue and a node VM sandbox escape. This is due to insecure use of...