{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T07:41:29.248","vulnerabilities":[{"cve":{"id":"CVE-2026-30822","sourceIdentifier":"security-advisories@github.com","published":"2026-03-07T05:16:27.483","lastModified":"2026-03-11T13:40:13.250","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauthenticated users can inject arbitrary values into internal database fields when creating leads. This issue has been patched in version 3.0.13."},{"lang":"es","value":"Flowise es una interfaz de usuario de arrastrar y soltar para construir un flujo de modelo de lenguaje grande personalizado. Antes de la versión 3.0.13, los usuarios no autenticados pueden inyectar valores arbitrarios en campos internos de la base de datos al crear clientes potenciales. Este problema ha sido parcheado en la versión 3.0.13."}],"metrics":{"cvssMetricV30":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":5.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-915"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.13","matchCriteriaId":"8C6D6D18-106F-49FE-B523-B5DCAADFB40F"}]}]}],"references":[{"url":"https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.13","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-mq4r-h2gh-qv7x","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}}]}