146 matches found
CVE-2026-41137
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide a command injection payload that will get interpolated and executed by the...
MAL-2026-3661 Malicious code in pandas-data (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 34c3e3d51b95102fd72f00c2b6c4bce7e34a801326dfbe7557f2d4346ed37508 Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...
Malicious code in pandas-data (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 34c3e3d51b95102fd72f00c2b6c4bce7e34a801326dfbe7557f2d4346ed37508 Package installs persistent malware acting as Rat, with the focus of stealing data and modifying copied cryptowallet addresses. --- Category: MALICIOUS - The...
GHSA-WCR3-GM9F-F87Q Ludwig framework is vulnerable to insecure deserialization through its predict() method.
The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using...
CVE-2026-41138
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within...
CVE-2026-41138
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within...
CVE-2026-41137
Flowise CVE-2026-41137 affects the Flowise UI stack, specifically the CSVAgent component, which allows providing a custom Pandas CSV read code. The lack of sanitization enables a command-injection payload to be interpolated and executed by the server. This is documented across multiple sources, w...
EUVD-2026-25277
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide a command injection payload that will get interpolated and executed by the...
CVE-2026-41138
Summary (CVE-2026-41138): Flowise Flowise 3.x contains a remote code execution vulnerability in the Airtable_Agent path (AirtableAgent.ts) due to lack of input verification when using Pandas. User input is injected into the prompt’s question parameter and reflected into Python code without saniti...
CVE-2026-41138 Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within...
CVE-2026-41138 Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within...
EUVD-2026-25278
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within...
CVE-2026-41138
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within...
PT-2026-34730
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within...
PT-2026-34729
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide a command injection payload that will get interpolated and executed by the...
Flowise 代码注入漏洞
Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior to Flowise 3.1.0, there was a code injection vulnerability. This vulnerability stemmed from the CSVAgent component, which allowed the provision of custom Pandas CSV reading code. Lack of...
dagster-deltalake-pandas (>=0.21.9 <=0.29.0), dagster-deltalake-polars (>=0.21.9 <=0.29.0) potentially affected by CVE-2026-41490 via dagster-deltalake (>=0.21.10 <=0.29.0)
dagster-deltalake PYPI version =0.21.10, =0.21.9, =0.21.9, =0.29.0 Source cves: CVE-2026-41490 Source advisory: SNYK:PYTHON-DAGSTERDELTALAKE-16109576...
dagster-snowflake-pandas (>=0.17.3 <=0.29.0), dagster-snowflake-polars (>=0.27.2 <=0.29.0) +2 more potentially affected by CVE-2026-41490 via dagster-snowflake (>=0.17.21 <=0.29.0)
dagster-snowflake PYPI version =0.17.21, =0.17.3, =0.27.2, =0.17.21, =1.0.0, =1.1.0 Source cves: CVE-2026-41490 Source advisory: SNYK:PYTHON-DAGSTERSNOWFLAKE-16109579...
dagster-deltalake-pandas (>=0.21.9 <=0.29.0), dagster-deltalake-polars (>=0.21.9 <=0.29.0) potentially affected by CVE-2026-41490 via dagster-deltalake (>=0.21.9 <=0.29.0)
dagster-deltalake PYPI version =0.21.9, =0.21.9, =0.21.9, =0.29.0 Source cves: CVE-2026-41490 Source advisory: OSV:GHSA-MJW2-V2HM-WJ34...
dagster-gcp-pandas (>=0.17.21 <=0.29.0), dagster-gcp-pyspark (>=0.17.21 <=0.29.0) +1 more potentially affected by CVE-2026-41490 via dagster-gcp (>=0.17.21 <=0.29.0)
dagster-gcp PYPI version =0.17.21, =0.17.21, =0.17.21, =0.1.0, =0.1.6 Source cves: CVE-2026-41490 Source advisory: SNYK:PYTHON-DAGSTERGCP-16109578...