Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11 advisories

Loading
Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit Critical
CVE-2026-55447 was published for langflow (pip) Jun 19, 2026
vbCrLf Credited to vbCrLf, AntonioABLima, andifilhohub, erichare, and Adam-Aghili AntonioABLima AntonioABLima
andifilhohub andifilhohub erichare erichare Adam-Aghili Adam-Aghili
Langflow: Unauthenticated DoS through multipart form boundary file upload High
CVE-2026-55446 was published for langflow (pip) Jun 19, 2026
ethansilvas Credited to ethansilvas, AntonioABLima, and andifilhohub AntonioABLima AntonioABLima
andifilhohub andifilhohub
Langflow: Logout button does not clear session Moderate
CVE-2026-55423 was published for langflow (pip) Jun 19, 2026
iann0036 Credited to iann0036, Cristhianzl, AntonioABLima, and andifilhohub Cristhianzl Cristhianzl
AntonioABLima AntonioABLima andifilhohub andifilhohub
yzeirnials Credited to yzeirnials, andifilhohub, LeftenantZero, Zwique, AntonioABLima, erichare, and Adam-Aghili andifilhohub andifilhohub
LeftenantZero LeftenantZero Zwique Zwique AntonioABLima AntonioABLima erichare erichare Adam-Aghili Adam-Aghili
Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak Critical
CVE-2026-55450 was published for langflow (pip) Jun 17, 2026
vbCrLf Credited to vbCrLf, Jkavia, erichare, AntonioABLima, andifilhohub, and Adam-Aghili Jkavia Jkavia
erichare erichare AntonioABLima AntonioABLima andifilhohub andifilhohub Adam-Aghili Adam-Aghili
Langflow: Unauthenticated RCE in Shareable Playgrounds Critical
CVE-2026-48519 was published for langflow (pip) Jun 16, 2026
vbCrLf Credited to vbCrLf, Jkavia, andifilhohub, and AntonioABLima Jkavia Jkavia
andifilhohub andifilhohub AntonioABLima AntonioABLima
Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint Moderate
CVE-2026-42867 was published for langflow (pip) Jun 16, 2026
nekros1xx Credited to nekros1xx, Cristhianzl, andifilhohub, and AntonioABLima Cristhianzl Cristhianzl
andifilhohub andifilhohub AntonioABLima AntonioABLima
Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints High
CVE-2026-33760 was published for langflow (pip) Jun 16, 2026
akshatgit Credited to akshatgit, AntonioABLima, andifilhohub, ethansilvas, yzeirnials, and Jkavia AntonioABLima AntonioABLima
andifilhohub andifilhohub ethansilvas ethansilvas yzeirnials yzeirnials Jkavia Jkavia
Langflow Knowledge Bases API is Vulnerable to Path Traversal Critical
CVE-2026-42048 was published for langflow (pip) May 5, 2026
ddlxstudio Credited to ddlxstudio, nekros1xx, AntonioABLima, Cristhianzl, and andifilhohub nekros1xx nekros1xx
AntonioABLima AntonioABLima Cristhianzl Cristhianzl andifilhohub andifilhohub
Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check High
CVE-2026-34046 was published for langflow (pip) Mar 27, 2026
chximn-dt Credited to chximn-dt and AntonioABLima AntonioABLima AntonioABLima
langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading High
CVE-2026-33497 was published for langflow (pip) Mar 20, 2026
r00tuser111 Credited to r00tuser111, erichare, and AntonioABLima erichare erichare
AntonioABLima AntonioABLima
ProTip! Advisories are also available from the GraphQL API