Lucene search

Flowiseai Flowise

12 matches found

added 2024/04/29 5:15 p.m. | 659 views

CVE-2024-31621

An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.

CVSS 7.6 | AI score 7.7 | EPSS 0.60738

added 2025/03/04 10:15 p.m. | 98 views

CVE-2025-26319

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.

CVSS 9.8 | AI score 7.7 | EPSS 0.68583

added 2024/07/01 4:15 p.m. | 78 views

CVE-2024-36420

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this is...

CVSS 7.5 | AI score 7.4 | EPSS 0.001

added 2024/07/01 4:15 p.m. | 77 views

CVE-2024-36422

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the api/v1/chatflows/id endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a...

CVSS 6.1 | AI score 6.2 | EPSS 0.00049

added 2024/07/01 7:15 p.m. | 76 views

CVE-2024-37146

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craf...

CVSS 6.1 | AI score 6.2 | EPSS 0.00054

added 2024/07/01 7:15 p.m. | 73 views

CVE-2024-37145

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/chatflows-streaming/id endpoint. If the default configuration is used (unauthenticated), an attacker may be able...

CVSS 6.1 | AI score 6.2 | EPSS 0.00069

added 2024/07/01 7:15 p.m. | 70 views

CVE-2024-36423

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/public-chatflows/id endpoint. If the default configuration is used (unauthenticated), an attacker may be able to...

CVSS 6.1 | AI score 6.2 | EPSS 0.00073

added 2024/08/27 1:15 p.m. | 66 views

CVE-2024-8181

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.

CVSS 9.8 | AI score 7 | EPSS 0.67951

added 2024/08/27 1:15 p.m. | 63 views

CVE-2024-8182

An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2, leading to a complete crash of the instance running a vulnerable version due to improper handling of user-supplied input to the “/api/v1/get-upload-file” API endpoint.

CVSS 7.5 | AI score 6.8 | EPSS 0.0009

added 2024/09/25 1:15 a.m. | 47 views

CVE-2024-9148

Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed

CVSS 9.6 | AI score 7.3 | EPSS 0.00091

added 2025/04/09 12:15 p.m. | 44 views

CVE-2025-29189

Flowise

CVSS 7.6 | AI score 7.5 | EPSS 0.00041

added 2024/07/01 4:15 p.m. | 38 views

CVE-2024-36421

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the website. In the default configuration (unauthenticated), arb...

CVSS 7.5 | AI score 7.4 | EPSS 0.00052