Package impact
PyPI / langflow
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2025-34291 | high | 8.8 | 10.0 | 6mo ago | Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with al… | |
| CVE-2026-34046 | high | 8.8 | 8.8 | 2mo ago | Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check | |
| CVE-2026-6599 | medium | 6.3 | 6.3 | 1mo ago | Langflow vulnerable to injection | |
| CVE-2026-6598 | medium | 4.3 | 4.3 | 1mo ago | Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint |