flowise-components
17 known vulnerabilities · 0 critical · 0 high
Flowise: Cypher Injection in GraphCypherQAChain
Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains
Flowise Execute Flow function has an SSRF vulnerability
Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)
Flowise: Authenticated RCE Via MCP Adapters
Flowise: Path Traversal in Vector Store basePath
Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox
Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability
Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability
Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using `Pandas`.
Flowise: Code Injection in CSVAgent leads to Authenticated RCE
Flowise: Parameter Override Bypass Remote Command Execution
Flowise is vulnerable to arbitrary file exposure through its ReadFileTool
Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)
Flowise is vulnerable to arbitrary file write through its WriteFileTool
Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access