{"url":"http://public2.vulnerablecode.io/api/packages/41726?format=json","purl":"pkg:pypi/langflow@1.0.0a0","type":"pypi","namespace":"","name":"langflow","version":"1.0.0a0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.9.0","latest_non_vulnerable_version":"1.9.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36813?format=json","vulnerability_id":"VCID-ef87-295y-zbha","summary":"Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the \"POST /api/v1/custom_component\" endpoint and provide a Python script.","references":[{"reference_url":"https://github.com/langflow-ai/langflow/issues/1973","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/issues/1973"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41729?format=json","purl":"pkg:pypi/langflow@1.0.0a3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ncvf-vzqr-uydz"},{"vulnerability":"VCID-q4r1-xjfk-7bg9"},{"vulnerability":"VCID-sbea-kkfu-akgb"},{"vulnerability":"VCID-v5pc-pdm9-97g8"},{"vulnerability":"VCID-wv26-29b9-vqgg"},{"vulnerability":"VCID-ysnc-jyxb-6qcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.0.0a3"}],"aliases":["CVE-2024-37014","PYSEC-2024-177"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ef87-295y-zbha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37252?format=json","vulnerability_id":"VCID-ncvf-vzqr-uydz","summary":"Langflow is a tool for building and deploying AI-powered agents and workflows. 
Prior to version 1.7.1, in the download_profile_picture function of the /profile_pictures/{folder_name}/{file_name} endpoint, the folder_name and file_name parameters are not strictly filtered, which allows the secret_key to be read via directory (path) traversal. Version 1.7.1 contains a patch.","references":[{"reference_url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-ph9w-r52h-28p7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-ph9w-r52h-28p7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48829?format=json","purl":"pkg:pypi/langflow@1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4swq-hbjm-3ucd"},{"vulnerability":"VCID-q4r1-xjfk-7bg9"},{"vulnerability":"VCID-rrva-95s5-kbcf"},{"vulnerability":"VCID-v5pc-pdm9-97g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1"}],"aliases":["CVE-2026-33497","GHSA-ph9w-r52h-28p7","PYSEC-2026-81"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ncvf-vzqr-uydz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37246?format=json","vulnerability_id":"VCID-q4r1-xjfk-7bg9","summary":"Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes the corresponding API key with only a generic authentication check (get_current_active_user dependency). 
However, the delete_api_key() CRUD function does NOT verify that the API key belongs to the current user before deletion, so an authenticated user can delete an API key that belongs to another user.","references":[{"reference_url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-rf6x-r45m-xv3w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48845?format=json","purl":"pkg:pypi/langflow@1.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.0"}],"aliases":["CVE-2026-33053","GHSA-rf6x-r45m-xv3w","PYSEC-2026-78"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q4r1-xjfk-7bg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37168?format=json","vulnerability_id":"VCID-sbea-kkfu-akgb","summary":"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths (e.g., /etc/poc.txt) are interpreted as is. 
Version 1.7.0 fixes the issue.","references":[{"reference_url":"https://github.com/langflow-ai/langflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/langflow-ai/langflow"},{"reference_url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-f43r-cc68-gpx4","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L"}],"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-f43r-cc68-gpx4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68478","reference_id":"CVE-2025-68478","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68478"},{"reference_url":"https://github.com/advisories/GHSA-f43r-cc68-gpx4","reference_id":"GHSA-f43r-cc68-gpx4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f43r-cc68-gpx4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46626?format=json","purl":"pkg:pypi/langflow@1.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4swq-hbjm-3ucd"},{"vulnerability":"VCID-ncvf-vzqr-uydz"},{"vulnerability":"VCID-q4r1-xjfk-7bg9"},{"vulnerability":"VCID-rrva-95s5-kbcf"},{"vulnerability":"VCID-v5pc-pdm9-97g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/48829?format=json","purl":"pkg:pypi/langflow@1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4swq-hbjm-3ucd"},{"vulnerability":"VCID-q4r1-xjfk-7bg9"},{"vulnerability":"VCID-rrva-95s5-kbcf"},{"vulnerability":"VCID-v5pc-pdm9-97g8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.1"}],"aliases":["CVE-2025-68478","GHSA-f43r-cc68-gpx4","PYSEC-2025-125"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/
VCID-sbea-kkfu-akgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37257?format=json","vulnerability_id":"VCID-v5pc-pdm9-97g8","summary":"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the implementation reaches dynamic execution sinks and instantiates the generated class server-side. In deployments where an attacker can access the Agentic Assistant feature and influence the model output, this can result in arbitrary server-side Python execution. Version 1.9.0 fixes the issue.","references":[{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/router.py#L252-L297","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/router.py#L252-L297"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/schemas.py#L20-L31","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/api/schemas.py#L20-L31"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/code_extraction.py#L11-L53","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:
L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/code_extraction.py#L11-L53"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/validation.py#L27-L47","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/helpers/validation.py#L27-L47"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L142-L156","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L142-L156"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L259-L300","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L259-L300"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L58-L79","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC
:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/agentic/services/assistant_service.py#L58-L79"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/utils/core.py#L38","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/utils/core.py#L38"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/v1/login.py#L96-L135","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/api/v1/login.py#L96-L135"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L156-L163","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L156-L163"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/backend/base/langflow/services/auth/utils.py#L39-L53","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfb
cd1fc/src/backend/base/langflow/services/auth/utils.py#L39-L53"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L241-L272","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L241-L272"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L394-L399","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L394-L399"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L441-L443","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/custom/validate.py#L441-L443"},{"reference_url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/services/settings/auth.py#L71-L87","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/blob/f7f4d1e70ba5eecd18162ec96f3571c2cfbcd1fc/src/lfx/src/lfx/services/settings/auth.py#L71-L87"},{"reference_url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-v8hw-mh8c-jxfc","reference_id":"","reference_t
ype":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-v8hw-mh8c-jxfc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48845?format=json","purl":"pkg:pypi/langflow@1.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.9.0"}],"aliases":["CVE-2026-33873","GHSA-v8hw-mh8c-jxfc","PYSEC-2026-82"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v5pc-pdm9-97g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37041?format=json","vulnerability_id":"VCID-wv26-29b9-vqgg","summary":"Langflow versions prior to 1.3.0 are susceptible to code injection in \nthe /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute 
arbitrary\ncode.","references":[{"reference_url":"https://github.com/langflow-ai/langflow/pull/6911","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/pull/6911"},{"reference_url":"https://github.com/langflow-ai/langflow/releases/tag/1.3.0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow/releases/tag/1.3.0"},{"reference_url":"https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44832?format=json","purl":"pkg:pypi/langflow@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4swq-hbjm-3ucd"},{"vulnerability":"VCID-ncvf-vzqr-uydz"},{"vulnerability":"VCID-q4r1-xjfk-7bg9"},{"vulnerability":"VCID-rrva-95s5-kbcf"},{"vulnerability":"VCID-sbea-kkfu-akgb"},{"vulnerability":"VCID-v5pc-pdm9-97g8"},{"vulnerability":"VCID-ysnc-jyxb-6qcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.3.0"}],"aliases":["CVE-2025-3248","PYSEC-2025-36"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wv26-29b9-vqgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37154?format=json","vulnerability_id":"VCID-ysnc-jyxb-6qcy","summary":"Langflow versions up to and including 1.6.9 contain a chained 
vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.","references":[{"reference_url":"https://github.com/langflow-ai/langflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/langflow-ai/langflow"},{"reference_url":"https://github.com/langflow-ai/langflow/pull/10139","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/langflow-ai/langflow/pull/10139"},{"reference_url":"https://github.com/langflow-ai/langflow/pull/10696","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/langflow-ai/langflow/pull/10696"},{"reference_url":"https://github.com/langflow-ai/langflow/pull/9240","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/langflow-ai/langflow/pull/9240"},{"reference_url":"https://github.com/langflow-ai/langflow/pull/9441","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/langflow-ai/langflow/pull/9441"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2025-78.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/langflow/PYSEC-2025-78.yaml"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE
-2025-34291","reference_id":"","reference_type":"","scores":[],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34291"},{"reference_url":"https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform"},{"reference_url":"https://www.vulncheck.com/advisories/langflow-cors-misconfiguration-to-token-hijack-and-rce","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://www.vulncheck.com/advisories/langflow-cors-misconfiguration-to-token-hijack-and-rce"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-34291","reference_id":"CVE-2025-34291","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-34291"},{"reference_url":"https://www.crowdsec.net/vulntracking-report/cve-2025-34291","reference_id":"CVE-2025-34291","reference_type":"","scores":[],"url":"https://www.crowdsec.net/vulntracking-report/cve-2025-34291"},{"reference_url":"https://github.com/advisories/GHSA-577h-p2hh-v4mv","reference_id":"GHSA-577h-p2hh-v4mv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-577h-p2hh-v4mv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46626?format=json","purl":"pkg:pypi/langflow@1.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4swq-hbjm-3ucd"},{"vulnerability":"VCID-ncvf-vzqr-uydz"},{"vulnerability":"VCID-q4r1-xjfk-7bg9"},{"vulnerability":"VCID-rrva-95s5-kbcf"},{"vulnerability":"VCID-v5pc-pdm9-97g8"}],"resource_url":"http:
//public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.7.0"}],"aliases":["CVE-2025-34291","GHSA-577h-p2hh-v4mv","PYSEC-2025-78"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ysnc-jyxb-6qcy"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/langflow@1.0.0a0"}