Package impact
PyPI / langflow
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33017 | critical | 9.8 | 10.0 | 3mo ago | Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication. | |||
| CVE-2025-34291 | high | 8.8 | 10.0 | 6mo ago | Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage… | |||
| CVE-2026-42048 | critical | 9.6 | 9.6 | 23d ago | Langflow Knowledge Bases API is Vulnerable to Path Traversal | |||
| CVE-2026-34046 | high | 8.8 | 8.8 | 2mo ago | Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check | |||
| CVE-2026-6599 | medium | 6.3 | 6.3 | 2mo ago | Langflow vulnerable to injection | |||
| CVE-2026-6598 | medium | 4.3 | 4.3 | 2mo ago | Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint |