Flowise Security Vulnerabilities and Issues — Flowise CVE List

Lucene search

FlowiseaiFlowise

5 matches found

CVE•added 2024/04/29 5:15 p.m.•659 views

CVE-2024-31621

An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.

7.6CVSS7.7AI score0.60738EPSS

CVE•added 2024/07/01 4:15 p.m.•78 views

CVE-2024-36420

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this is...

7.5CVSS7.4AI score0.00216EPSS

CVE•added 2024/08/27 1:15 p.m.•63 views

CVE-2024-8182

An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint.

7.5CVSS6.8AI score0.0009EPSS

CVE•added 2025/04/09 12:15 p.m.•44 views

CVE-2025-29189

Flowise

7.6CVSS7.5AI score0.00053EPSS

CVE•added 2024/07/01 4:15 p.m.•38 views

CVE-2024-36421

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, A CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the website. In the default configuration (unauthenticated), arb...

7.5CVSS7.4AI score0.00151EPSS