27 matches found
CVE-2025-0184
CVE-2025-0184 describes an SSRF in langgenius/dify around the DOCX upload in the Create Knowledge flow (v0.10.2). The vulnerability triggers when a DOCX’s external relationship uses a reltype value fetched via the requests module instead of the SSRF proxy, enabling an attacker with access to the ...
CVE-2025-29720
CVE-2025-29720 describes a Server-Side Request Forgery (SSRF) in Dify via controllers.console.remote_files.RemoteFileUploadApi affecting Dify v1.0 (and references to v1.6.0 in related advisories). The underlying issue is a component exposure that can be triggered locally with user interaction req...
CVE-2025-32796
Dify (open‑source LLM app platform) prior to version 0.6.12 is affected by an access control flaw where normal users can enable/disable apps via the API despite UI restrictions. The root cause is an insufficiently enforced permissions model, allowing non‑admin changes that can disrupt app functio...
CVE-2025-32795
CVE-2025-32795 affects Dify, an open-source LLM app development platform. Prior to version 0.6.12, a misconfigured access control allowed normal/non-admin users to edit app details (names, descriptions, icons) despite not having permission to view apps, compromising integrity. Root cause: insuffi...
CVE-2025-1796
CVE-2025-1796 affects langgenius/dify v0.10.1. The root cause is a weak pseudo-random number generator used for password reset codes, implemented via random.randint, which is unsuitable for cryptographic use. An attacker with access to workflow tools can observe PRNG output and predict future res...
CVE-2024-12775
CVE-2024-12775 describes an SSRF in langgenius/dify v0.10.1, triggered via the test functionality of Create Custom Tool in REST API POST /console/api/workspaces/current/tool-provider/api/test/pre. The flaw allows an attacker to provide an arbitrary URL in the servers.url field of the OpenAI schem...
CVE-2025-32790
CVE-2025-32790 affects Dify versions 0.6.8 and earlier. The vulnerability allows normal users to export APP DSL via the /export feature due to insufficient access control. Root cause: improper permission checks enabling export without admin privileges. Documented impacts indicate potential exposu...
CVE-2025-43854
DIFY (LangGenius Open Source) prior to version 1.3.0 is affected by a clickjacking vulnerability in the default web setup. The issue allows an attacker to trick users into clicking on elements, potentially triggering unauthorized actions and compromising security/privacy. The vulnerability is fix...
CVE-2025-43862
CVE-2025-43862 relates to Dify, an open-source LLM app development platform. Prior to version 0.6.12, a normal (non-admin) user could access and modify APP orchestration despite UI restrictions, due to an access-control flaw. This could allow unauthorized access and changes to APPs. The issue is ...
CVE-2025-3466
CVE-2025-3466 affects langgenius/dify versions 1.1.0–1.1.2. Root cause is unsanitized input in the code node that enables overriding global JavaScript functions (e.g., parseInt) before sandbox restrictions, allowing arbitrary code execution with full root permissions. Documented impact includes a...
CVE-2024-12776
CVE-2024-12776 affects langgenius/dify v0.10.1. The issue is that the /forgot-password/resets endpoint does not verify the password reset code, enabling an attacker to reset the password of any user, including administrators, potentially leading to full compromise of the application. Root cause: ...
CVE-2024-10252
CVE-2024-10252 affects langgenius/dify
CVE-2024-11824
CVE-2024-11824 is a stored XSS in langgenius/dify (chat log functionality). The issue arises because certain HTML tags, such as and , are not disallowed, enabling an attacker to inject malicious HTML via prompts. When an admin views the compromised log, credentials or sensitive information could...
CVE-2024-11821
CVE-2024-11821 affects langgenius/dify 0.9.1. The issue is a privilege escalation where a normal user can modify Orchestrate instructions for an admin-created chatbot due to improper access control on the endpoint /console/api/apps/{chatbot-id}/model-config. The CVE entry lists a CVSSv3 base scor...
CVE-2024-11850
CVE-2024-11850 describes a stored XSS vulnerability in the latest version of langgenius/dify, caused by improper validation/sanitization of user input in SVG markdown support within the chatbot feature. An attacker can inject malicious SVG content that executes JavaScript when viewed by an admin,...
CVE-2026-41950
CVE-2026-41950 affects Dify before version 1.14.0. An authorization bypass in the chat-messages flow allows an authenticated user to read full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. The ro...
CVE-2024-12039
The CVE-2024-12039 entry concerns langgenius/dify v0.10.1, where the password-reset flow has no limit on code-guess attempts. An unauthenticated attacker can brute-force a six-digit code to reset passwords (owner/admin/other users), leading to complete compromise of the application. Root cause: l...
CVE-2025-63387
CVE-2025-63387 affects Dify v1.9.1. An unauthenticated GET request to the endpoint /console/api/system-features bypasses authorization, exposing sensitive system configuration data. This constitutes a broken access control issue described across multiple sources (NVD, nuclei template, VulnCheck K...
CVE-2025-3467
CVE-2025-3467 is a stored/reflected XSS in langgenius/dify before 1.1.3 that specifically affects Firefox. The vulnerability allows an attacker to exfiltrate the administrator’s token by injecting a payload in a published chat; when the admin views the conversation via the monitoring/log function...
CVE-2025-49149
Dify, an open-source LLM app platform, has a vulnerability in version 1.2.0 caused by insufficient filtering of user input in web applications, allowing injection of malicious script and potentially leading to cross-site scripting (XSS) when users browse affected pages. The CVE entries consistent...
CVE-2025-58747
CVE-2025-58747 affects Dify up to version 1.9.1, where the MCP OAuth flow passes the remote server’s authorization_url directly to window.open without validation, enabling arbitrary JavaScript execution (XSS) when a victim connects to a malicious MCP server. Affected component: MCP OAuth in Dify....
CVE-2025-56157
CVE-2025-56157 affects Dify up to version 1.5.1, where default PostgreSQL credentials are defined in the docker-compose.yaml in the source. The vulnerability arises from hard-coded credentials, with the database (PostgreSQL on port 5432) referenced in the config; supplier notes that the Docker se...
CVE-2026-42138
CVE-2026-42138 affects Dify (open-source LLM app development platform). Before v1.13.1, an SVG upload via POST /api/files/upload allowed unauthenticated XSS, and POST /v1/files/upload was also vulnerable when authenticated. The issue is patched in v1.13.1. Impact is stored XSS; remediation is upg...
CVE-2025-59422
CVE-2025-59422 affects Dify (open‑source LLM app platform) in version 1.8.1. A broken access control flaw on the endpoint /console/api/apps/chat-messages?conversation_id=&limit=10 allows users in the same workspace to read other users’ chat messages, including query data and filenames, if the con...
CVE-2025-11750
CVE-2025-11750 affects langgenius/dify-web version 1.6.0. Multiple connected sources confirm an authentication flaw where login/registration error messages distinguish between non-existent vs. existing usernames or emails (e.g., “account not found”), enabling user enumeration. This can facilitate...
CVE-2025-63386
CVE-2025-63386 affects Dify v1.9.1, specifically the /console/api/setup endpoint. The vulnerability arises from a misconfigured CORS policy that reflects any Origin header and sets Access-Control-Allow-Credentials: true, allowing arbitrary external domains to make authenticated requests. Impact i...
CVE-2025-63388
The CVE-2025-63388 entry concerns Dify v1.9.1, specifically the /console/api/system-features endpoint. A misconfigured CORS policy is described as reflecting arbitrary Origin headers and setting Access-Control-Allow-Credentials: true, potentially enabling cross-origin requests to be authenticated...