[Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for Flowise

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Jun 27 12:27:09 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e53fb352 by Moritz Muehlenhoff at 2026-06-27T13:26:45+02:00
auto-nfu: Add rule for Flowise

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -1057,21 +1057,21 @@ CVE-2026-10097 (wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2)
 CVE-2025-71340 (picklescan through 0.0.26 fails to detect malicious pickle files that  ...)
 	TODO: check
 CVE-2025-71338 (Flowise contains a path traversal vulnerability in the /api/v1/documen ...)
-	TODO: check
+	NOT-FOR-US: Flowise
 CVE-2025-71336 (Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) con ...)
-	TODO: check
+	NOT-FOR-US: Flowise
 CVE-2025-71335 (Flowise before 3.0.10 (affected versions 3.0.7 and earlier) fails to i ...)
-	TODO: check
+	NOT-FOR-US: Flowise
 CVE-2025-71334 (Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an ...)
-	TODO: check
+	NOT-FOR-US: Flowise
 CVE-2025-71333 (Flowise through 2.2.4 contains an unauthenticated arbitrary file uploa ...)
-	TODO: check
+	NOT-FOR-US: Flowise
 CVE-2025-71328 (Flowise before 3.0.10 contains an unverified password change vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Flowise
 CVE-2025-71327 (Flowise contains an authentication bypass vulnerability in the unprote ...)
-	TODO: check
+	NOT-FOR-US: Flowise
 CVE-2025-71324 (Flowise before 3.0.6 contains an arbitrary file read vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: Flowise
 CVE-2025-60465 (A use-after-free in the gf_filter_pid_inst_swap function (/filter_core ...)
 	TODO: check
 CVE-2025-60464 (A use-after-free in the gf_sei_load_from_state_internal function (/fil ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -895,6 +895,8 @@
   description: '.*\bEmlog\b.*'
 - reason: ESAFENET
   description: '.*\bESAFENET\b.*'
+- reason: Flowise
+  description: '.*\bFlowise\b.*'
 - reason: Intelbras
   description: '.*\b(?i:Intelbras)\b.*'
 - reason: IrfanView



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e53fb352f3b4906f0062a2916fe1b5095d3c0f2e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e53fb352f3b4906f0062a2916fe1b5095d3c0f2e
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260627/aaa08c81/attachment.htm>


More information about the debian-security-tracker-commits mailing list