flowise-components (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package flowise-components, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (14)
CVE-2026-40933 — CVSS 9.9 (critical): Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of…
CVE-2025-61913 — CVSS 9.9 (critical): Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and…
CVE-2026-43995 — CVSS 9.8 (critical): Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations…
CVE-2026-41264 — CVSS 9.8 (critical): Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within…
CVE-2026-41265 — CVSS 9.8 (critical): Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within…
CVE-2026-41268 — CVSS 9.8 (critical): Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a…
CVE-2026-41274 — CVSS 9.8 (critical): Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node…
CVE-2026-41137 — CVSS 8.8 (high): Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, The CSVAgent allows providing a…
CVE-2026-41138 — CVSS 8.8 (high): Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution…
CVE-2026-41271 — CVSS 8.3 (high): Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery…
CVE-2025-29189 — CVSS 7.6 (high): Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName parameter at Postgres_VectorStores.
CVE-2026-31829 — CVSS 7.1 (high): Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in…
CVE-2026-41270 — CVSS 7.1 (high): Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery…
CVE-2026-41272 — CVSS 7.1 (high): Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers…