| CVE-2026-33017 |
critical |
9.8 |
10.0 |
|
|
|
3mo ago |
Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication. |
| CVE-2026-42048 |
critical |
9.6 |
9.6 |
|
|
|
23d ago |
Langflow Knowledge Bases API is Vulnerable to Path Traversal |
| CVE-2026-6599 |
medium |
6.3 |
6.3 |
|
|
|
2mo ago |
Langflow vulnerable to injection |
| CVE-2026-6598 |
medium |
4.3 |
4.3 |
|
|
|
2mo ago |
Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint |
| CVE-2026-6597 |
low |
2.7 |
2.7 |
|
|
|
2mo ago |
A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flo… |
| CVE-2025-3248 |
unknown |
— |
2.5 |
|
|
|
1y ago |
Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests. |
