VIR Vulnerability Intelligence Relay

Package impact

python PyPI / langflow

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-33017 critical 9.8 10.0 2mo ago Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication. python
CVE-2025-34291 high 8.8 10.0 6mo ago Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with al… python
CVE-2025-3248 unknown 1.5 11mo ago Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary co… python