GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
12 advisories
Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
Critical
CVE-2026-55450
was published
for
langflow
(pip)
Jun 17, 2026
Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read
Moderate
CVE-2026-48520
was published
for
langflow
(pip)
Jun 16, 2026
Langflow: Unauthenticated RCE in Shareable Playgrounds
Critical
CVE-2026-48519
was published
for
langflow
(pip)
Jun 16, 2026
Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint
Moderate
CVE-2026-42867
was published
for
langflow
(pip)
Jun 16, 2026
Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints
High
CVE-2026-33760
was published
for
langflow
(pip)
Jun 16, 2026
Langflow Knowledge Bases API is Vulnerable to Path Traversal
Critical
CVE-2026-42048
was published
for
langflow
(pip)
May 5, 2026
Langflow has Authenticated Code Execution in Agentic Assistant Validation
Critical
CVE-2026-33873
was published
for
langflow
(pip)
Mar 26, 2026
langflow has Unauthenticated IDOR on Image Downloads
High
CVE-2026-33484
was published
for
langflow
(pip)
Mar 20, 2026
Langflow has an Arbitrary File Write (RCE) via v2 API
Critical
CVE-2026-33309
was published
for
langflow
(pip)
Mar 19, 2026
Langflow is Missing Ownership Verification in API Key Deletion (IDOR)
High
CVE-2026-33053
was published
for
langflow
(pip)
Mar 18, 2026
Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint
Critical
CVE-2026-33017
was published
for
langflow
(pip)
Mar 17, 2026
Langflow has Remote Code Execution in CSV Agent
Critical
CVE-2026-27966
was published
for
langflow
(pip)
Feb 27, 2026
ProTip!
Advisories are also available from the
GraphQL API