Flowiseai: >> Flowise >> 1.8.2 Security Vulnerabilities
Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName parameter at Postgres_VectorStores.
CVSS Score
7.6
EPSS Score
0.0
Published
2025-04-09
Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.
CVSS Score
9.6
EPSS Score
0.001
Published
2024-09-25
An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-08-27
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.
CVSS Score
9.8
EPSS Score
0.68
Published
2024-08-27