Security: langflow-ai/langflow
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
-
Path Traversal in Knowledge Bases API via Creation EndpointGHSA-79ph-745m-6wxq published
Jun 11, 2026 by AntonioABLimaModerate -
IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 EndpointsGHSA-9c59-2mvc-vfr8 published
Jun 11, 2026 by AntonioABLimaHigh -
Authenticated Code Execution in Agentic Assistant ValidationGHSA-v8hw-mh8c-jxfc published
Mar 24, 2026 by andifilhohubCritical -
IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's FlowGHSA-qrpv-q767-xqq2 published
Jun 19, 2026 by AntonioABLimaCritical -
Unauthenticated Remote Code Execution in Langflow via Public Flow Build EndpointGHSA-vwmf-pq79-vjvx published
Mar 16, 2026 by andifilhohubCritical -
Path Traversal in Knowledge Bases API via Bulk Delete EndpointGHSA-9whx-c884-c68q published
Apr 27, 2026 by AntonioABLimaCritical -
Unauthenticated IDOR on Image DownloadsGHSA-7grx-3xcx-2xv5 published
Mar 20, 2026 by andifilhohubHigh -
Arbitrary File Write (RCE) via v2 APIGHSA-g2j9-7rj2-gm6c published
Mar 18, 2026 by andifilhohubCritical -
Unauthenticated Shareable Playground arbitrary local or S3 file readGHSA-rcjh-r59h-gq37 published
Jun 9, 2026 by AntonioABLimaModerate -
BaseFileComponent-based nodes arbitrary file read with RCE exploitGHSA-ccv6-r384-xp75 published
Jun 19, 2026 by AntonioABLimaCritical