Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-gjgw-sjnh-zkhr

Summary

Duplicate
This advisory duplicates another.

Aliases

alias	CVE-2025-59527

alias	GHSA-hr92-4q35-4j3m

Fixed_packages

url	pkg:npm/flowise@3.0.6
purl	pkg:npm/flowise@3.0.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/flowise@3.0.6

Affected_packages

url pkg:npm/flowise@3.0.5

purl pkg:npm/flowise@3.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wkq-5agr-6bgz

vulnerability	VCID-5vb2-73xr-97cw

vulnerability	VCID-8wyy-ep3u-xkh5

vulnerability	VCID-gjgw-sjnh-zkhr

vulnerability	VCID-rhdz-rcy5-y3a6

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/flowise@3.0.5

References

reference_url	https://github.com/FlowiseAI/Flowise
reference_id
reference_type
scores
url	https://github.com/FlowiseAI/Flowise

reference_url	https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/src/utils.ts#L474-L478
reference_id
reference_type
scores
url	https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/components/src/utils.ts#L474-L478

reference_url	https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/controllers/fetch-links/index.ts#L6-L24
reference_id
reference_type
scores
url	https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/controllers/fetch-links/index.ts#L6-L24

reference_url	https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/services/fetch-links/index.ts#L8-L18
reference_id
reference_type
scores
url	https://github.com/FlowiseAI/Flowise/blob/5930f1119c655bcf8d2200ae827a1f5b9fec81d0/packages/server/src/services/fetch-links/index.ts#L8-L18

reference_url	https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.6
reference_id
reference_type
scores
url	https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.6

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2025-59527
reference_id	CVE-2025-59527
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2025-59527

reference_url	https://github.com/advisories/GHSA-hr92-4q35-4j3m
reference_id	GHSA-hr92-4q35-4j3m
reference_type
scores
url	https://github.com/advisories/GHSA-hr92-4q35-4j3m

reference_url	https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-hr92-4q35-4j3m
reference_id	GHSA-hr92-4q35-4j3m
reference_type
scores
url	https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-hr92-4q35-4j3m

Weaknesses

cwe_id	918
name	Server-Side Request Forgery (SSRF)
description	The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gjgw-sjnh-zkhr

Vulnerability Instance