Langgenius Dify vulnerabilities
14 known vulnerabilities affecting langgenius/langgenius_dify.
Total CVEs: 14
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 8, MEDIUM 6
Vulnerabilities
CVE-2025-0185 | P2 | HIGH | CVSS 8.8 | CWE-94 | affected: ≥ unspecified, ≤ latest | 2025-03-20
A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. The vulnerability occurs in the function `vn.get_training_plan_generic(df_information_schema)`, which does not properly sanitize user inputs before executing queries using the Pandas library. This can potentially le
Source: NVD
CVE-2025-11750 | P3 | MEDIUM | CVSS 5.3 | PoC available | CWE-544 | affected: ≥ unspecified, ≤ latest | 2025-10-22
In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or registration attempt is made with a non-existent username or email, the system responds with a message such as "account not found." Conve
Source: NVD
CVE-2025-1796 | P3 | HIGH | CVSS 8.8 | CWE-338 | affected: ≥ unspecified, ≤ latest | 2025-03-20
A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses `random.randint` for this purpose, which is not suitable for cryptographic use and can be cracked. An attacker
Source: NVD
CVE-2024-12039 | P3 | HIGH | CVSS 8.1 | CWE-307 | affected: ≥ unspecified, ≤ latest | 2025-03-20
langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the number of code guess attempts for password reset. This allows an unauthenticated attacker to reset owner, admin, or other user passwords within a few hours by guessing the six-digit code, resulting in a complete compromise of the application.
Source: NVD
CVE-2025-3466 | P3 | HIGH | CVSS 7.2 | CWE-1100 | affected: ≥ unspecified, < 1.1.3 | 2025-07-07
langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictions are imposed. This can lead to unauthorized access to s
Source: NVD
CVE-2024-12776 | P3 | HIGH | CVSS 8.1 | CWE-305 | affected: ≥ unspecified, ≤ latest | 2025-03-20
In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulnerability can lead to a complete compromise of the application.
Source: NVD
CVE-2024-10252 | P3 | HIGH | CVSS 7.2 | CWE-94 | affected: ≥ unspecified, < 0.2.10 | 2025-03-20
A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. This vulnerability enables an attacker to execute arbitrary Python code with root privileges within the sandbox environment, potentially leading to the deletion of the entire sandbox service and causing irreversible dam
Source: NVD
CVE-2024-11822 | P3 | HIGH | CVSS 7.5 | CWE-918 | affected: ≥ unspecified, ≤ latest | 2025-03-20
langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. The vulnerability exists due to improper handling of the api_endpoint parameter, allowing an attacker to make direct requests to internal network services. This can lead to unauthorized access to internal servers and potentially expose sensitive information, inc
Source: NVD
CVE-2024-12775 | P3 | MEDIUM | CVSS 6.5 | CWE-918 | affected: ≥ unspecified, ≤ latest | 2025-03-20
langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for the Create Custom Tool option via the REST API `POST /console/api/workspaces/current/tool-provider/api/test/pre`. Attackers can set the `url` in the `servers` dictionary in OpenAI's schema with arbitrary URL targets, allowing them
Source: NVD
CVE-2025-0184 | P3 | MEDIUM | CVSS 6.5 | CWE-918 | affected: ≥ unspecified, < 0.11.0 | 2025-03-20
A Server-Side Request Forgery (SSRF) vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests' module instead of the 'ssrf_proxy', leading to an SS
Source: NVD
CVE-2024-11824 | P3 | HIGH | CVSS 7.6 | CWE-79 | affected: ≥ unspecified, < 0.12.1 | 2025-03-20
A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. The vulnerability arises because certain HTML tags like and are not disallowed, allowing an attacker to inject malicious HTML into the log via prompts. When an admin views the log containing the malicious HTML, the att
Source: NVD
CVE-2025-3467 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | affected: ≥ unspecified, < 1.1.3 | 2025-07-07
An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation content through the monitoring/log function using Firefox, the XSS vulnerabil
Source: NVD
CVE-2024-11850 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | affected: ≥ unspecified, ≤ latest | 2025-03-20
A stored cross-site scripting (XSS) vulnerability exists in the latest version of langgenius/dify. The vulnerability is due to improper validation and sanitization of user input in SVG markdown support within the chatbot feature. An attacker can exploit this vulnerability by injecting malicious SVG content, which can execute arbitrary JavaScript code
Source: NVD
CVE-2024-11821 | P4 | MEDIUM | CVSS 4.3 | CWE-250 | affected: ≥ unspecified, ≤ latest | 2025-03-20
A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint /console/api/apps/{chatbot-id}/model-config, allowing unaut
Source: NVD