langflow-base
PyPI: 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting langflow-base
- CVE-2025-3248 | CRITICAL | CVSS 9.8 | EG 9.8 | ⚠ KEV | ✓ Fixed in 0.3.0 | 2025-04-07
vulnerable: 0.0.13 ... 0.2.0 (93 versions)
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
- CVE-2026-21445 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 0.7.1 | 2026-01-02
vulnerable: 0.0.13 ... 0.7.0 (117 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to acce…
- CVE-2026-34046 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 0.5.1 | 2026-03-27
vulnerable: 0.0.13 ... 0.5.0.post2 (105 versions)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branched on the `AUTO_LOGIN` setting to decide whether to filter …
- CVE-2026-6596 | HIGH | CVSS 7.3 | EG 7.3 | ✓ Fixed in 1.9.1 | 2026-04-20
vulnerable: 0.0.13 ... 0.9.2 (136 versions)
A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results i…