Langgenius Security Vulnerabilities (CVEs)

Track 15 security vulnerabilities affecting Langgenius products and software.

3 Critical
7 High
5 Medium

CVE-2025-63387 7.5

CVE-2025-63387 is an insecure permissions vulnerability in Dify v1.9.1 that allows unauthenticated attackers to access the /console/api/system-feature...

Dec 18, 2025

CVE-2025-56157 9.8

CVE-2025-56157 exposes Dify installations to unauthorized database access through hardcoded PostgreSQL credentials in docker-compose.yaml. Attackers c...

Dec 18, 2025

CVE-2025-63388 9.1

This CVE describes a CORS misconfiguration in Dify v1.9.1 that allows any external domain to make authenticated cross-origin requests to the /console/...

Dec 18, 2025

CVE-2025-63386 9.1

A CORS misconfiguration in Dify v1.9.1 allows arbitrary external domains to make authenticated requests to the /console/api/setup endpoint. This enabl...

Dec 18, 2025

CVE-2025-11750 5.3

This vulnerability allows attackers to determine whether specific user accounts exist in langgenius/dify-web systems by analyzing authentication error...

Oct 22, 2025

CVE-2025-3466 7.2

CVE-2025-3466 is a critical vulnerability in langgenius/dify versions 1.1.0 to 1.1.2 that allows attackers to execute arbitrary code with root permiss...

Jul 7, 2025

CVE-2025-43862 7.6

CVE-2025-43862 is an access control vulnerability in Dify that allows normal users to access and modify APP orchestration features that should be rest...

Apr 25, 2025

CVE-2025-32795 6.5

This CVE describes an improper access control vulnerability in Dify, an open-source LLM app development platform. Normal users can modify app names, d...

Apr 18, 2025

CVE-2025-1796 8.8

This vulnerability in langgenius/dify v0.10.1 allows attackers to predict password reset codes due to a weak pseudo-random number generator (PRNG). At...

Mar 20, 2025

CVE-2024-12775 6.5

This SSRF vulnerability in Dify AI allows attackers to make the server send unauthorized requests to internal or external systems using the server's n...

Mar 20, 2025

CVE-2024-12776 8.1

This vulnerability allows attackers to reset any user's password without verifying the reset code, enabling account takeover including administrator a...

Mar 20, 2025

CVE-2024-12039 8.1

This vulnerability allows unauthenticated attackers to reset passwords for any user, including administrators, by brute-forcing a six-digit reset code...

Mar 20, 2025

CVE-2024-11821 4.3

A privilege escalation vulnerability in langgenius/dify version 0.9.1 allows normal users to modify admin-created chatbot configurations. This occurs ...

Mar 20, 2025

CVE-2024-11824 7.6

A stored XSS vulnerability in langgenius/dify's chat log functionality allows attackers to inject malicious HTML tags like <input> and <form> via prom...

Mar 20, 2025

CVE-2024-11850 5.4

A stored cross-site scripting (XSS) vulnerability in langgenius/dify allows attackers to inject malicious SVG content through the chatbot feature. Whe...

Mar 20, 2025

Why Monitor Langgenius Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 15+ known vulnerabilities affecting Langgenius products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Langgenius packages in under 60 seconds. No agents required - completely agentless scanning that works across Langgenius deployments.

Free vulnerability database: Access detailed information about every Langgenius CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
