Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/langflow@1.7.1
Typepypi
Namespace
Namelangflow
Version1.7.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.9.0
Latest_non_vulnerable_version1.9.0
Affected_by_vulnerabilities
0
url VCID-4swq-hbjm-3ucd
vulnerability_id VCID-4swq-hbjm-3ucd
summary Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flow_id and file_name returns the image with HTTP 200. In a multi-tenant deployment, any attacker who can discover or guess a `flow_id` (UUIDs can be leaked through other API responses) can download any user's uploaded images without credentials. Version 1.9.0 contains a patch.
references
0
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-7grx-3xcx-2xv5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-7grx-3xcx-2xv5
fixed_packages
0
url pkg:pypi/langflow@1.9.0
purl pkg:pypi/langflow@1.9.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.0
aliases CVE-2026-33484, GHSA-7grx-3xcx-2xv5, PYSEC-2026-80
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4swq-hbjm-3ucd
1
url VCID-q4r1-xjfk-7bg9
vulnerability_id VCID-q4r1-xjfk-7bg9
summary Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_current_active_user dependency). However, the delete_api_key() CRUD function does NOT verify that the API key belongs to the current user before deletion.
references
0
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w
fixed_packages
0
url pkg:pypi/langflow@1.9.0
purl pkg:pypi/langflow@1.9.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.0
aliases CVE-2026-33053, GHSA-rf6x-r45m-xv3w, PYSEC-2026-78
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q4r1-xjfk-7bg9
2
url VCID-rrva-95s5-kbcf
vulnerability_id VCID-rrva-95s5-kbcf
summary Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 (External Control of File Name), leading to the root architectural issue within `LocalStorageService` remaining unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on the HTTP-layer `ValidatedFileName` dependency. This defense-in-depth failure leaves the `POST /api/v2/files/` endpoint vulnerable to Arbitrary File Write. The multipart upload filename bypasses the path-parameter guard, allowing authenticated attackers to write files anywhere on the host system, leading to Remote Code Execution (RCE). Version 1.9.0 contains an updated fix.
references
0
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-g2j9-7rj2-gm6c
fixed_packages
0
url pkg:pypi/langflow@1.9.0
purl pkg:pypi/langflow@1.9.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.0
aliases CVE-2026-33309, GHSA-g2j9-7rj2-gm6c, PYSEC-2026-79
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rrva-95s5-kbcf
3
url VCID-v5pc-pdm9-97g8
vulnerability_id VCID-v5pc-pdm9-97g8
summary Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the implementation reaches dynamic execution sinks and instantiates the generated class server-side. In deployments where an attacker can access the Agentic Assistant feature and influence the model output, this can result in arbitrary server-side Python execution. Version 1.9.0 fixes the issue.
references
0
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/router.py#L252-L297
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/router.py#L252-L297
1
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/schemas.py#L20-L31
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/schemas.py#L20-L31
2
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/code_extraction.py#L11-L53
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/code_extraction.py#L11-L53
3
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/validation.py#L27-L47
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/validation.py#L27-L47
4
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L142-L156
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L142-L156
5
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L259-L300
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L259-L300
6
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L58-L79
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L58-L79
7
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/utils/core.py#L38
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/utils/core.py#L38
8
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/v1/login.py#L96-L135
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/v1/login.py#L96-L135
9
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L156-L163
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L156-L163
10
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L39-L53
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L39-L53
11
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L241-L272
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L241-L272
12
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L394-L399
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L394-L399
13
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L441-L443
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L441-L443
14
reference_url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/services/settings/auth.py#L71-L87
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/services/settings/auth.py#L71-L87
15
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-v8hw-mh8c-jxfc
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-v8hw-mh8c-jxfc
fixed_packages
0
url pkg:pypi/langflow@1.9.0
purl pkg:pypi/langflow@1.9.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.0
aliases CVE-2026-33873, GHSA-v8hw-mh8c-jxfc, PYSEC-2026-82
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v5pc-pdm9-97g8
Fixing_vulnerabilities
0
url VCID-bb6r-1f6u-t7ed
vulnerability_id VCID-bb6r-1f6u-t7ed
summary 
Langflow vulnerable to Server-Side Request Forgery
**Vulnerability Overview**


Langflow provides an API Request component that can issue arbitrary HTTP requests within a flow. This component takes a user-supplied URL, performs only normalization and basic format checks, and then sends the request using a server-side httpx client. It does not block private IP ranges (127.0.0.1, the 10/172/192 ranges) or cloud metadata endpoints (169.254.169.254), and it returns the response body as the result.

Because the flow execution endpoints (/api/v1/run, /api/v1/run/advanced) can be invoked with just an API key, if an attacker can control the API Request URL in a flow, non-blind SSRF is possible—accessing internal resources from the server’s network context. This enables requests to, and collection of responses from, internal administrative endpoints, metadata services, and internal databases/services, leading to information disclosure and providing a foothold for further attacks.

**Vulnerable Code**

1. When a flow runs, the API Request URL is set via user input or tweaks, or it falls back to the value stored in the node UI.
references
0
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
url https://github.com/langflow-ai/langflow
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68477
reference_id CVE-2025-68477
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-68477
2
reference_url https://github.com/advisories/GHSA-5993-7p27-66g5
reference_id GHSA-5993-7p27-66g5
reference_type
scores
url https://github.com/advisories/GHSA-5993-7p27-66g5
3
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-5993-7p27-66g5
reference_id GHSA-5993-7p27-66g5
reference_type
scores
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-5993-7p27-66g5
fixed_packages
0
url pkg:pypi/langflow@1.7.1
purl pkg:pypi/langflow@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4swq-hbjm-3ucd
1
vulnerability VCID-q4r1-xjfk-7bg9
2
vulnerability VCID-rrva-95s5-kbcf
3
vulnerability VCID-v5pc-pdm9-97g8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1
aliases CVE-2025-68477, GHSA-5993-7p27-66g5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bb6r-1f6u-t7ed
1
url VCID-ncvf-vzqr-uydz
vulnerability_id VCID-ncvf-vzqr-uydz
summary Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which allows the secret_key to be read across directories. Version 1.7.1 contains a patch.
references
0
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-ph9w-r52h-28p7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-ph9w-r52h-28p7
fixed_packages
0
url pkg:pypi/langflow@1.7.1
purl pkg:pypi/langflow@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4swq-hbjm-3ucd
1
vulnerability VCID-q4r1-xjfk-7bg9
2
vulnerability VCID-rrva-95s5-kbcf
3
vulnerability VCID-v5pc-pdm9-97g8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1
aliases CVE-2026-33497, GHSA-ph9w-r52h-28p7, PYSEC-2026-81
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ncvf-vzqr-uydz
2
url VCID-qwtw-q92t-quhz
vulnerability_id VCID-qwtw-q92t-quhz
summary 
Langflow Missing Authentication on Critical API Endpoints
Multiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization.
references
0
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
url https://github.com/langflow-ai/langflow
1
reference_url https://github.com/langflow-ai/langflow/commit/3fed9fe1b5658f2c8656dbd73508e113a96e486a
reference_id
reference_type
scores
url https://github.com/langflow-ai/langflow/commit/3fed9fe1b5658f2c8656dbd73508e113a96e486a
2
reference_url https://github.com/langflow-ai/langflow/releases/tag/1.7.1
reference_id
reference_type
scores
url https://github.com/langflow-ai/langflow/releases/tag/1.7.1
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-21445
reference_id CVE-2026-21445
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-21445
4
reference_url https://github.com/advisories/GHSA-c5cp-vx83-jhqx
reference_id GHSA-c5cp-vx83-jhqx
reference_type
scores
url https://github.com/advisories/GHSA-c5cp-vx83-jhqx
5
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-c5cp-vx83-jhqx
reference_id GHSA-c5cp-vx83-jhqx
reference_type
scores
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-c5cp-vx83-jhqx
fixed_packages
0
url pkg:pypi/langflow@1.7.1
purl pkg:pypi/langflow@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4swq-hbjm-3ucd
1
vulnerability VCID-q4r1-xjfk-7bg9
2
vulnerability VCID-rrva-95s5-kbcf
3
vulnerability VCID-v5pc-pdm9-97g8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1
aliases CVE-2026-21445, GHSA-c5cp-vx83-jhqx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwtw-q92t-quhz
3
url VCID-sbea-kkfu-akgb
vulnerability_id VCID-sbea-kkfu-akgb
summary Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths (e.g., /etc/poc.txt) are interpreted as is. Version 1.7.0 fixes the issue.
references
0
reference_url https://github.com/langflow-ai/langflow
reference_id
reference_type
scores
url https://github.com/langflow-ai/langflow
1
reference_url https://github.com/langflow-ai/langflow/security/advisories/GHSA-f43r-cc68-gpx4
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
url https://github.com/langflow-ai/langflow/security/advisories/GHSA-f43r-cc68-gpx4
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68478
reference_id CVE-2025-68478
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-68478
3
reference_url https://github.com/advisories/GHSA-f43r-cc68-gpx4
reference_id GHSA-f43r-cc68-gpx4
reference_type
scores
url https://github.com/advisories/GHSA-f43r-cc68-gpx4
fixed_packages
0
url pkg:pypi/langflow@1.7.0
purl pkg:pypi/langflow@1.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4swq-hbjm-3ucd
1
vulnerability VCID-ncvf-vzqr-uydz
2
vulnerability VCID-q4r1-xjfk-7bg9
3
vulnerability VCID-rrva-95s5-kbcf
4
vulnerability VCID-v5pc-pdm9-97g8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.0
1
url pkg:pypi/langflow@1.7.1
purl pkg:pypi/langflow@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4swq-hbjm-3ucd
1
vulnerability VCID-q4r1-xjfk-7bg9
2
vulnerability VCID-rrva-95s5-kbcf
3
vulnerability VCID-v5pc-pdm9-97g8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1
aliases CVE-2025-68478, GHSA-f43r-cc68-gpx4, PYSEC-2025-125
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sbea-kkfu-akgb
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1