GHSA-3g4j-r53p-22wx: Duplicate Advisory: FlowiseAI Pre-Auth Arbitrary Code Execution

October 17, 2025

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-7944-7c6r-55vv. This link is maintained to preserve external references.

Original Description

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the “Supabase RPC Filter” field.

References

github.com/FlowiseAI/Flowise
github.com/FlowiseAI/Flowise/blob/main/packages/components/nodes/vectorstores/Supabase/Supabase.ts
github.com/FlowiseAI/Flowise/security/advisories/GHSA-7944-7c6r-55vv
github.com/advisories/GHSA-3g4j-r53p-22wx
nvd.nist.gov/vuln/detail/CVE-2025-57164

Code Behaviors & Features

Detect and mitigate GHSA-3g4j-r53p-22wx with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →