Flowise@* Security Vulnerabilities and Issues — Flowise@* CVE List

Lucene search

FlowiseaiFlowise*

9 matches found

CVE•added 2024/04/29 5:15 p.m.•659 views

CVE-2024-31621

An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.

7.6CVSS7.7AI score0.60738EPSS

CVE•added 2024/07/01 4:15 p.m.•78 views

CVE-2024-36420

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this is...

7.5CVSS7.4AI score0.001EPSS

CVE•added 2024/07/01 4:15 p.m.•77 views

CVE-2024-36422

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the api/v1/chatflows/id endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a...

6.1CVSS6.2AI score0.00049EPSS

CVE•added 2024/07/01 7:15 p.m.•76 views

CVE-2024-37146

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craf...

6.1CVSS6.2AI score0.00054EPSS

CVE•added 2024/07/01 7:15 p.m.•73 views

CVE-2024-37145

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/chatflows-streaming/id endpoint. If the default configuration is used (unauthenticated), an attacker may be able...

6.1CVSS6.2AI score0.00069EPSS

CVE•added 2024/07/01 7:15 p.m.•70 views

CVE-2024-36423

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/public-chatflows/id endpoint. If the default configuration is used (unauthenticated), an attacker may be able to...

6.1CVSS6.2AI score0.00073EPSS

CVE•added 2024/09/25 1:15 a.m.•47 views

CVE-2024-9148

Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed

9.6CVSS7.3AI score0.00091EPSS

CVE•added 2025/04/09 12:15 p.m.•44 views

CVE-2025-29189

Flowise

7.6CVSS7.5AI score0.00041EPSS

CVE•added 2024/07/01 4:15 p.m.•38 views

CVE-2024-36421

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, A CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the website. In the default configuration (unauthenticated), arb...

7.5CVSS7.4AI score0.00052EPSS