Package impact
PyPI / langflow
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-33017 | critical | 9.8 | 10.0 | 2mo ago | Langflow contains a code injection vulnerability that could allow building public flows without requiring authentication. | |
| CVE-2026-42048 | critical | 9.6 | 9.6 | 16d ago | Langflow Knowledge Bases API is Vulnerable to Path Traversal | |
| CVE-2026-6597 | low | 2.7 | 2.7 | 1mo ago | A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flo… |