Langflow Security Vulnerabilities and Issues — Langflow CVE List

Lucene search

LangflowLangflow

4 matches found

CVE•added 2025/04/07 3:15 p.m.•301 views

CVE-2025-3248

Langflow versions prior to 1.3.0 are susceptible to code injection inthe /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrarycode.

9.8CVSS8AI score0.92409EPSS

CVE•added 2024/06/10 8:15 p.m.•80 views

CVE-2024-37014

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script.

9.8CVSS7.9AI score0.01839EPSS

CVE•added 2024/11/04 11:15 p.m.•48 views

CVE-2024-48061

langflow

9.8CVSS7.4AI score0.01012EPSS

CVE•added 2024/10/31 2:15 p.m.•47 views

CVE-2024-42835

langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.

9.8CVSS8.4AI score0.01617EPSS