Package impact
PyPI / langflow
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6599 | medium | 6.3 | 6.3 | 2mo ago | Langflow vulnerable to injection | |||
| CVE-2026-6598 | medium | 4.3 | 4.3 | 2mo ago | Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint | |||
| CVE-2025-3248 | unknown | — | 2.5 | 1y ago | Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests. |