Search for packages
| purl | pkg:pypi/langflow-base@0.6.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6y1z-b2ye-jkd6
Aliases: CVE-2026-21445 GHSA-c5cp-vx83-jhqx |
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. Version 1.7.0.dev45 contains a patch. |
Affected by 1 other vulnerability. |
|
VCID-e9b3-3ks2-ukhy
Aliases: CVE-2026-6596 GHSA-vvfc-fp59-m92g |
A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T22:11:16.280018+00:00 | GitLab Importer | Affected by | VCID-e9b3-3ks2-ukhy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/langflow-base/CVE-2026-6596.yml | 38.6.0 |
| 2026-06-12T20:43:09.529424+00:00 | GitLab Importer | Affected by | VCID-6y1z-b2ye-jkd6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/langflow-base/CVE-2026-21445.yml | 38.6.0 |