Security Advisories · langflow-ai/langflow · GitHub

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

Authenticated Code Execution in Agentic Assistant Validation
GHSA-v8hw-mh8c-jxfc published Mar 24, 2026 by andifilhohub

Critical
Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint
GHSA-vwmf-pq79-vjvx published Mar 16, 2026 by andifilhohub

Critical
Unauthenticated IDOR on Image Downloads
GHSA-7grx-3xcx-2xv5 published Mar 20, 2026 by andifilhohub

High
Arbitrary File Write (RCE) via v2 API
GHSA-g2j9-7rj2-gm6c published Mar 18, 2026 by andifilhohub

Critical
Missing Ownership Verification in API Key Deletion (IDOR)
GHSA-rf6x-r45m-xv3w published Mar 16, 2026 by andifilhohub

High
Remote Code Execution in CSV Agent
GHSA-3645-fxcv-hqr4 published Feb 25, 2026 by Empreiteiro

Critical
SSRF in langflow-ai/langflow
GHSA-5993-7p27-66g5 published Dec 19, 2025 by jordanrfrazier

High
External Control of File Name or Path in Langflow
GHSA-f43r-cc68-gpx4 published Dec 19, 2025 by jordanrfrazier

High
Missing Authentication on Critical API Endpoints
GHSA-c5cp-vx83-jhqx published Jan 2, 2026 by jordanrfrazier

Critical
Privilege Escalation via CLI Superuser Creation (Post-RCE)
GHSA-4gv9-mp8m-592r published Aug 25, 2025 by jordanrfrazier

High