| CVE-2025-34291 |
high |
8.8 |
10.0 |
|
|
|
6mo ago |
Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage… |
| CVE-2026-34046 |
high |
8.8 |
8.8 |
|
|
|
2mo ago |
Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check |
| CVE-2026-6599 |
medium |
6.3 |
6.3 |
|
|
|
2mo ago |
Langflow vulnerable to injection |
| CVE-2026-6598 |
medium |
4.3 |
4.3 |
|
|
|
2mo ago |
Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint |
| CVE-2026-6597 |
low |
2.7 |
2.7 |
|
|
|
2mo ago |
A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flo… |
| CVE-2025-3248 |
unknown |
— |
2.5 |
|
|
|
1y ago |
Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests. |
