Package impact
PyPI / langflow
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-3248 | unknown | — | 2.5 | 1y ago | Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests. | |||
| CVE-2026-27966 | unknown | — | 1.0 | 3mo ago | Langflow has Remote Code Execution in CSV Agent | |||
| CVE-2026-0770 | unknown | — | 1.0 | 4mo ago | Langflow affected by Remote Code Execution via validate_code() exec() |