Security: FlowiseAI/Flowise
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Evaluator create+update mass-assignment allows cross-workspace evaluator takeoverGHSA-wxrr-jp8m-qq7f published
May 14, 2026 by igor-magun-wdHigh -
Evaluation create+update mass-assignment allows cross-workspace evaluation takeoverGHSA-mq53-pc65-wjc4 published
May 14, 2026 by igor-magun-wdHigh -
Dataset create+update mass-assignment allows cross-workspace dataset takeoverGHSA-5h9v-837x-m97r published
May 14, 2026 by igor-magun-wdHigh -
DatasetRow create+update mass-assignment allows cross-workspace row takeoverGHSA-7j65-65cr-6644 published
May 14, 2026 by igor-magun-wdHigh -
CustomTemplate create+update mass-assignment allows cross-workspace template takeoverGHSA-728h-4mwj-f2p4 published
May 14, 2026 by igor-magun-wdHigh -
Assistant create+update mass-assignment allows cross-workspace assistant takeoverGHSA-78pr-c5x5-jggc published
May 14, 2026 by igor-magun-wdHigh -
Vector Store No Permission ChecksGHSA-hmg2-jjjx-jcp2 published
May 14, 2026 by igor-magun-wdHigh -
Credential Data LeakGHSA-7g73-99r4-m4mj published
May 14, 2026 by igor-magun-wdHigh -
Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected ChatflowsGHSA-c2c9-mfw7-p8hw published
May 14, 2026 by igor-magun-wdModerate -
Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox EscapeGHSA-9rvc-vf7m-pgm2 published
May 14, 2026 by igor-magun-wdCritical