📦 Dify
by Dify
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability in Dify Tools' Vanna module allows attackers to inject malicious queries through unsanitized user inputs, potentially leading to remote code execution. It affects systems using the ...
This Server-Side Request Forgery (SSRF) vulnerability in langgenius/dify version 0.9.1 allows attackers to make unauthorized requests to internal network services by manipulating the api_endpoint para...
This is a cross-site scripting (XSS) vulnerability in Dify's web chat frontend when using echarts. It allows attackers to execute arbitrary JavaScript code in users' browsers by injecting malicious pa...
Dify versions before 1.11.0 expose API keys in plaintext to frontend users, allowing non-administrators to view and potentially misuse them. This vulnerability enables unauthorized access to third-par...
Dify v1.6.0 contains a Server-Side Request Forgery (SSRF) vulnerability in the RemoteFileUploadApi component that allows attackers to make unauthorized requests from the server to internal or external...