VIR Vulnerability Intelligence Relay

Package impact

npm npm / flowise

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-43995 critical 9.8 9.8 17d ago Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure) npm
CVE-2026-41274 critical 9.8 9.8 1mo ago Flowise: Cypher Injection in GraphCypherQAChain npm
CVE-2026-46442 critical 9.5 14d ago FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape npm
CVE-2026-46480 high 8.0 14d ago FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover npm
CVE-2026-46479 high 8.0 14d ago FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover npm
CVE-2026-46478 high 8.0 14d ago FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover npm
CVE-2026-46477 high 8.0 14d ago FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover npm
CVE-2026-46476 high 8.0 14d ago FlowiseAI: CustomTemplate create+update mass-assignment allows cross-workspace template takeover npm
CVE-2026-46475 high 8.0 14d ago FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover npm
CVE-2026-46444 high 8.0 14d ago FlowiseAI: Vector Store No Permission Checks npm
CVE-2026-46443 high 8.0 14d ago FlowiseAI Vulnerable to Credential Data Leak npm
CVE-2026-46441 high 8.0 14d ago FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment npm
CVE-2026-46440 high 8.0 14d ago FlowiseAI Exposes Basic Auth Credentials via API npm
CVE-2026-42863 high 8.0 14d ago FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment npm
CVE-2026-42862 high 8.0 14d ago FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment npm
CVE-2026-42861 high 8.0 14d ago FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment npm