Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-8c4j-f57c-35cf
  • PyPI/langflow
  • PyPI/langflow-base
Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check 27 Mar
  • Fix available
  • Severity - 8.7 (High)
GHSA-v8hw-mh8c-jxfc
  • PyPI/langflow
Langflow has Authenticated Code Execution in Agentic Assistant Validation 26 Mar
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-ph9w-r52h-28p7
  • PyPI/langflow
langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading 20 Mar
  • Fix available
  • Severity - 8.7 (High)
GHSA-7grx-3xcx-2xv5
  • PyPI/langflow
langflow has Unauthenticated IDOR on Image Downloads 20 Mar
  • No fix available
  • Severity - 7.5 (High)
GHSA-g2j9-7rj2-gm6c
  • PyPI/langflow
Langflow has an Arbitrary File Write (RCE) via v2 API 19 Mar
  • Fix available
  • Severity - 9.9 (Critical)
GHSA-rf6x-r45m-xv3w
  • PyPI/langflow
Langflow is Missing Ownership Verification in API Key Deletion (IDOR) 18 Mar
  • Fix available
  • Severity - 7.1 (High)
GHSA-vwmf-pq79-vjvx
  • PyPI/langflow
Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint 17 Mar
  • No fix available
  • Severity - 9.3 (Critical)
GHSA-3645-fxcv-hqr4
  • PyPI/langflow
Langflow has Remote Code Execution in CSV Agent 27 Feb
  • No fix available
  • Severity - 9.8 (Critical)
GHSA-g22f-v6f7-2hrh
  • PyPI/langflow
Langflow affected by Remote Code Execution via validate_code() exec() 23 Jan
  • No fix available
  • Severity - 8.9 (High)
GHSA-c5cp-vx83-jhqx
  • PyPI/langflow
  • PyPI/langflow-base
Langflow Missing Authentication on Critical API Endpoints 02 Jan
  • Fix available
  • Severity - 8.8 (High)
GHSA-f43r-cc68-gpx4
  • PyPI/langflow
External Control of File Name or Path in Langflow 19 Dec 2025
  • Fix available
  • Severity - 7.1 (High)
GHSA-5993-7p27-66g5
  • PyPI/langflow
Langflow vulnerable to Server-Side Request Forgery 19 Dec 2025
  • Fix available
  • Severity - 7.7 (High)
GHSA-577h-p2hh-v4mv
  • PyPI/langflow
Langflow CORS misconfiguration enables Account Takeover and RCE 06 Dec 2025
  • No fix available
  • Severity - 9.4 (Critical)
GHSA-4gv9-mp8m-592r
  • PyPI/langflow
  • PyPI/langflow-base
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE) 25 Aug 2025
  • Fix available
  • Severity - 8.8 (High)
GHSA-rvqx-wpfh-mfx7
  • PyPI/langflow
  • PyPI/langflow-base
Langflow Unauth RCE 17 Jun 2025
  • Fix available
  • Severity - 9.3 (Critical)
PYSEC-2025-36
  • PyPI/langflow
See record for full details 07 Apr 2025
  • Fix available
  • Severity - 9.8 (Critical)