[Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for Flowise
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Jun 27 12:27:09 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e53fb352 by Moritz Muehlenhoff at 2026-06-27T13:26:45+02:00
auto-nfu: Add rule for Flowise
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -1057,21 +1057,21 @@ CVE-2026-10097 (wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2)
CVE-2025-71340 (picklescan through 0.0.26 fails to detect malicious pickle files that ...)
TODO: check
CVE-2025-71338 (Flowise contains a path traversal vulnerability in the /api/v1/documen ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-71336 (Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) con ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-71335 (Flowise before 3.0.10 (affected versions 3.0.7 and earlier) fails to i ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-71334 (Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-71333 (Flowise through 2.2.4 contains an unauthenticated arbitrary file uploa ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-71328 (Flowise before 3.0.10 contains an unverified password change vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-71327 (Flowise contains an authentication bypass vulnerability in the unprote ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-71324 (Flowise before 3.0.6 contains an arbitrary file read vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-60465 (A use-after-free in the gf_filter_pid_inst_swap function (/filter_core ...)
TODO: check
CVE-2025-60464 (A use-after-free in the gf_sei_load_from_state_internal function (/fil ...)
=====================================
data/packages/nfu.yaml
=====================================
@@ -895,6 +895,8 @@
description: '.*\bEmlog\b.*'
- reason: ESAFENET
description: '.*\bESAFENET\b.*'
+- reason: Flowise
+ description: '.*\bFlowise\b.*'
- reason: Intelbras
description: '.*\b(?i:Intelbras)\b.*'
- reason: IrfanView
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e53fb352f3b4906f0062a2916fe1b5095d3c0f2e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e53fb352f3b4906f0062a2916fe1b5095d3c0f2e
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260627/aaa08c81/attachment.htm>
More information about the debian-security-tracker-commits
mailing list