{"url":"http://public2.vulnerablecode.io/api/packages/69897?format=json","purl":"pkg:npm/flowise@3.0.5","type":"npm","namespace":"","name":"flowise","version":"3.0.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.0.6","latest_non_vulnerable_version":"3.0.13","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47559?format=json","vulnerability_id":"VCID-2wkq-5agr-6bgz","summary":"Flowise has Remote Code Execution vulnerability\nThe CustomMCP node allows users to input configuration settings for connecting to an external MCP (Model Context Protocol) server. \nThis node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it \nexecutes JavaScript code without any security validation.\n\nSpecifically, inside the convertToValidJSONString function, user input is directly passed to the Function() constructor, which \nevaluates and executes the input as JavaScript code. Since this runs with full Node.js runtime privileges, it can access dangerous\nmodules such as child_process and fs.","references":[{"reference_url":"https://github.com/FlowiseAI/Flowise","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise"},{"reference_url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts#L132","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts#L132"},{"reference_url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts#L220","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts#L220"},{"reference_url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts#L262-L270","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts#L262-L270"},{"reference_url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/controllers/nodes/index.ts#L57-L78","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/controllers/nodes/index.ts#L57-L78"},{"reference_url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/routes/node-load-methods/index.ts#L5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/routes/node-load-methods/index.ts#L5"},{"reference_url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/services/nodes/index.ts#L91-L94","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/services/nodes/index.ts#L91-L94"},{"reference_url":"https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59528","reference_id":"CVE-2025-59528","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59528"},{"reference_url":"https://github.com/advisories/GHSA-3gcm-f6qx-ff7p","reference_id":"GHSA-3gcm-f6qx-ff7p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3gcm-f6qx-ff7p"},{"reference_url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3gcm-f6qx-ff7p","reference_id":"GHSA-3gcm-f6qx-ff7p","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3gcm-f6qx-ff7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69898?format=json","purl":"pkg:npm/flowise@3.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/flowise@3.0.6"}],"aliases":["CVE-2025-59528","GHSA-3gcm-f6qx-ff7p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2wkq-5agr-6bgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48070?format=json","vulnerability_id":"VCID-5vb2-73xr-97cw","summary":"Duplicate Advisory: FlowiseAI Pre-Auth Arbitrary Code Execution\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-7944-7c6r-55vv. This link is maintained to preserve external references.\n\n### Original Description\nFlowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the \"Supabase RPC Filter\" field.","references":[{"reference_url":"https://github.com/FlowiseAI/Flowise","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise"},{"reference_url":"https://github.com/FlowiseAI/Flowise/blob/main/packages/components/nodes/vectorstores/Supabase/Supabase.ts#L237","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/blob/main/packages/components/nodes/vectorstores/Supabase/Supabase.ts#L237"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57164","reference_id":"CVE-2025-57164","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57164"},{"reference_url":"https://github.com/advisories/GHSA-3g4j-r53p-22wx","reference_id":"GHSA-3g4j-r53p-22wx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3g4j-r53p-22wx"},{"reference_url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7944-7c6r-55vv","reference_id":"GHSA-7944-7c6r-55vv","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7944-7c6r-55vv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69898?format=json","purl":"pkg:npm/flowise@3.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/flowise@3.0.6"}],"aliases":["GHSA-3g4j-r53p-22wx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5vb2-73xr-97cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47568?format=json","vulnerability_id":"VCID-8wyy-ep3u-xkh5","summary":"Flowise has an Arbitrary File Read\nAn arbitrary file read vulnerability in the `chatId` parameter supplied to both the `/api/v1/get-upload-file` and `/api/v1/openai-assistants-file/download` endpoints allows unauthenticated users to read unintended files on the local filesystem. In the default Flowise configuration this allows reading of the local sqlite db and subsequent compromise of all database content.","references":[{"reference_url":"https://github.com/FlowiseAI/Flowise","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise"},{"reference_url":"https://github.com/advisories/GHSA-99pg-hqvx-r4gf","reference_id":"GHSA-99pg-hqvx-r4gf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-99pg-hqvx-r4gf"},{"reference_url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-99pg-hqvx-r4gf","reference_id":"GHSA-99pg-hqvx-r4gf","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-99pg-hqvx-r4gf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69898?format=json","purl":"pkg:npm/flowise@3.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/flowise@3.0.6"}],"aliases":["GHSA-99pg-hqvx-r4gf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8wyy-ep3u-xkh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47564?format=json","vulnerability_id":"VCID-gjgw-sjnh-zkhr","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://github.com/FlowiseAI/Flowise","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise"},{"reference_url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/src/utils.ts#L474-L478","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/src/utils.ts#L474-L478"},{"reference_url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/controllers/fetch-links/index.ts#L6-L24","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/controllers/fetch-links/index.ts#L6-L24"},{"reference_url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/services/fetch-links/index.ts#L8-L18","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/services/fetch-links/index.ts#L8-L18"},{"reference_url":"https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59527","reference_id":"CVE-2025-59527","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59527"},{"reference_url":"https://github.com/advisories/GHSA-hr92-4q35-4j3m","reference_id":"GHSA-hr92-4q35-4j3m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hr92-4q35-4j3m"},{"reference_url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-hr92-4q35-4j3m","reference_id":"GHSA-hr92-4q35-4j3m","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-hr92-4q35-4j3m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69898?format=json","purl":"pkg:npm/flowise@3.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/flowise@3.0.6"}],"aliases":["CVE-2025-59527","GHSA-hr92-4q35-4j3m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gjgw-sjnh-zkhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47560?format=json","vulnerability_id":"VCID-rhdz-rcy5-y3a6","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://github.com/FlowiseAI/Flowise","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise"},{"reference_url":"https://github.com/FlowiseAI/Flowise/blob/flowise%403.0.5/packages/components/nodes/vectorstores/Supabase/Supabase.ts#L237","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/blob/flowise%403.0.5/packages/components/nodes/vectorstores/Supabase/Supabase.ts#L237"},{"reference_url":"https://github.com/FlowiseAI/Flowise/blob/main/packages/components/nodes/vectorstores/Supabase/Supabase.ts#L237","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/blob/main/packages/components/nodes/vectorstores/Supabase/Supabase.ts#L237"},{"reference_url":"https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57164","reference_id":"CVE-2025-57164","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-57164"},{"reference_url":"https://github.com/advisories/GHSA-7944-7c6r-55vv","reference_id":"GHSA-7944-7c6r-55vv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7944-7c6r-55vv"},{"reference_url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7944-7c6r-55vv","reference_id":"GHSA-7944-7c6r-55vv","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7944-7c6r-55vv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69898?format=json","purl":"pkg:npm/flowise@3.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/flowise@3.0.6"}],"aliases":["CVE-2025-57164","GHSA-7944-7c6r-55vv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhdz-rcy5-y3a6"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47947?format=json","vulnerability_id":"VCID-2g6u-ttnw-p3a7","summary":"Duplicate Advisory: Flowise is vulnerable to stored XSS via \"View Messages\" allows credential theft in FlowiseAI admin panel\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-964p-j4gg-mhwc. This link is maintained to preserve external references.\n\n### Original Description\nFlowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log.","references":[{"reference_url":"https://github.com/FlowiseAI/Flowise/pull/4905","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/pull/4905"},{"reference_url":"https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-50538","reference_id":"CVE-2025-50538","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-50538"},{"reference_url":"https://github.com/advisories/GHSA-7rgr-72hp-9wp3","reference_id":"GHSA-7rgr-72hp-9wp3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7rgr-72hp-9wp3"},{"reference_url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-964p-j4gg-mhwc","reference_id":"GHSA-964p-j4gg-mhwc","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-964p-j4gg-mhwc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69897?format=json","purl":"pkg:npm/flowise@3.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2wkq-5agr-6bgz"},{"vulnerability":"VCID-5vb2-73xr-97cw"},{"vulnerability":"VCID-8wyy-ep3u-xkh5"},{"vulnerability":"VCID-gjgw-sjnh-zkhr"},{"vulnerability":"VCID-rhdz-rcy5-y3a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/flowise@3.0.5"}],"aliases":["GHSA-7rgr-72hp-9wp3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2g6u-ttnw-p3a7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47944?format=json","vulnerability_id":"VCID-ecx7-nvez-aud4","summary":"Duplicate Advisory: Flowise Stored XSS vulnerability through logs in chatbot\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-7r4h-vmj9-wg42. This link is maintained to preserve external references.\n\n### Original Description\nFlowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.","references":[{"reference_url":"https://github.com/FlowiseAI/Flowise/pull/4905","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/pull/4905"},{"reference_url":"https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29192","reference_id":"CVE-2025-29192","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29192"},{"reference_url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7r4h-vmj9-wg42","reference_id":"GHSA-7r4h-vmj9-wg42","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7r4h-vmj9-wg42"},{"reference_url":"https://github.com/advisories/GHSA-wq95-wr7m-26h4","reference_id":"GHSA-wq95-wr7m-26h4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wq95-wr7m-26h4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69897?format=json","purl":"pkg:npm/flowise@3.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2wkq-5agr-6bgz"},{"vulnerability":"VCID-5vb2-73xr-97cw"},{"vulnerability":"VCID-8wyy-ep3u-xkh5"},{"vulnerability":"VCID-gjgw-sjnh-zkhr"},{"vulnerability":"VCID-rhdz-rcy5-y3a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/flowise@3.0.5"}],"aliases":["GHSA-wq95-wr7m-26h4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecx7-nvez-aud4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47934?format=json","vulnerability_id":"VCID-yuwm-n652-ykd9","summary":"Flowise Stored XSS vulnerability through logs in chatbot\nIn the chat log, tags like input and form are allowed. This makes a potential vulnerability where an attacker could inject malicious HTML into the log via prompts. When an admin views the log containing the malicious HTML, the attacker could steal the admin's credentials or sensitive information with stored Cross Site Scripting.","references":[{"reference_url":"https://github.com/FlowiseAI/Flowise","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise"},{"reference_url":"https://github.com/FlowiseAI/Flowise/commit/9a06a85a8ddcbaeca1342827a5fea9087a587d97","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/commit/9a06a85a8ddcbaeca1342827a5fea9087a587d97"},{"reference_url":"https://github.com/FlowiseAI/Flowise/pull/4905","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/pull/4905"},{"reference_url":"https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29192","reference_id":"CVE-2025-29192","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29192"},{"reference_url":"https://github.com/advisories/GHSA-7r4h-vmj9-wg42","reference_id":"GHSA-7r4h-vmj9-wg42","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7r4h-vmj9-wg42"},{"reference_url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7r4h-vmj9-wg42","reference_id":"GHSA-7r4h-vmj9-wg42","reference_type":"","scores":[],"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7r4h-vmj9-wg42"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69897?format=json","purl":"pkg:npm/flowise@3.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2wkq-5agr-6bgz"},{"vulnerability":"VCID-5vb2-73xr-97cw"},{"vulnerability":"VCID-8wyy-ep3u-xkh5"},{"vulnerability":"VCID-gjgw-sjnh-zkhr"},{"vulnerability":"VCID-rhdz-rcy5-y3a6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/flowise@3.0.5"}],"aliases":["CVE-2025-29192","GHSA-7r4h-vmj9-wg42"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yuwm-n652-ykd9"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/flowise@3.0.5"}