[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-34291":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-22T16:08:08.064Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":424,"aliases":434,"duplicate_of":9,"upstream":437,"downstream":438,"duplicates":439,"related":440,"reserved_at":9,"published_at":441,"modified_at":442,"state":443,"summary":444,"references_raw":454,"kevs":506,"epss":516,"epss_history":519,"metrics":793,"affected":808},"CVE-2025-34291","Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-346","Origin Validation Error","The product does not properly verify that the source of data or communication is valid.","weakness","Draft","Class",[19,23,76,88,92,263,267,271,275,279,283,287,291,412,416,420],{"id":20,"name":21,"techniques":22},"CAPEC-111","JSON Hijacking (aka JavaScript Hijacking)",[],{"id":24,"name":25,"techniques":26},"CAPEC-141","Cache Poisoning",[27],{"id":28,"name":29,"tactics":30,"countermeasures":37},"T1557.002","ARP Cache Poisoning",[31,34],{"id":32,"name":33},"TA0031","Credential Access",{"id":35,"name":36},"TA0100","Collection",[38,43,47,51,55,59,63,67,71],{"id":39,"name":40,"tactic":41},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":42},"Detect",{"id":44,"name":45,"tactic":46},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":42},{"id":48,"name":49,"tactic":50},"D3-CSPP","Client-server Payload Profiling",{"name":42},{"id":52,"name":53,"tactic":54},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":42},{"id":56,"name":57,"tactic":58},"D3-NTSA","Network Traffic Signature Analysis",{"name":42},{"id":60,"name":61,"tactic":62},"D3-APCA","Application Protocol Command Analysis",{"name":42},{"id":64,"name":65,"tactic":66},"D3-NTCD","Network Traffic Community Deviation",{"name":42},{"id":68,"name":69,"tactic":70},"D3-RTSD","Remote Terminal Session Detection",{"name":42},{"id":72,"name":73,"tactic":74},"D3-NTF","Network Traffic Filtering",{"name":75},"Isolate",{"id":77,"name":78,"techniques":79},"CAPEC-142","DNS Cache Poisoning",[80],{"id":81,"name":82,"tactics":83,"countermeasures":87},"T1584.002","DNS Server",[84],{"id":85,"name":86},"TA0042","Resource Development",[],{"id":89,"name":90,"techniques":91},"CAPEC-160","Exploit Script-Based APIs",[],{"id":93,"name":94,"techniques":95},"CAPEC-21","Exploitation of Trusted Identifiers",[96,211,239],{"id":97,"name":98,"tactics":99,"countermeasures":109},"T1134","Access Token Manipulation",[100,103,106],{"id":101,"name":102},"TA0030","Defense Evasion",{"id":104,"name":105},"TA0005","Stealth",{"id":107,"name":108},"TA0111","Privilege Escalation",[110,115,119,123,127,131,135,139,143,148,152,156,161,166,170,174,178,182,187,191,195,199,203,207],{"id":111,"name":112,"tactic":113},"D3-CI","Configuration Inventory",{"name":114},"Model",{"id":116,"name":117,"tactic":118},"D3-NTPM","Network Traffic Policy Mapping",{"name":114},{"id":120,"name":121,"tactic":122},"D3-AM","Access Modeling",{"name":114},{"id":124,"name":125,"tactic":126},"D3-AEM","Application Exception Monitoring",{"name":42},{"id":128,"name":129,"tactic":130},"D3-SCA","System Call Analysis",{"name":42},{"id":132,"name":133,"tactic":134},"D3-CCSA","Credential Compromise Scope Analysis",{"name":42},{"id":136,"name":137,"tactic":138},"D3-OPM","Operational Process Monitoring",{"name":42},{"id":140,"name":141,"tactic":142},"D3-PSA","Process Spawn Analysis",{"name":42},{"id":144,"name":145,"tactic":146},"D3-ST","Session Termination",{"name":147},"Evict",{"id":149,"name":150,"tactic":151},"D3-CR","Credential Revocation",{"name":147},{"id":153,"name":154,"tactic":155},"D3-ANCI","Authentication Cache Invalidation",{"name":147},{"id":157,"name":158,"tactic":159},"D3-DUC","Decoy User Credential",{"name":160},"Deceive",{"id":162,"name":163,"tactic":164},"D3-CH","Credential Hardening",{"name":165},"Harden",{"id":167,"name":168,"tactic":169},"D3-MFA","Multi-factor Authentication",{"name":165},{"id":171,"name":172,"tactic":173},"D3-CRO","Credential Rotation",{"name":165},{"id":175,"name":176,"tactic":177},"D3-TB","Token Binding",{"name":165},{"id":179,"name":180,"tactic":181},"D3-TBA","Token-based Authentication",{"name":165},{"id":183,"name":184,"tactic":185},"D3-RC","Restore Configuration",{"name":186},"Restore",{"id":188,"name":189,"tactic":190},"D3-RIC","Reissue Credential",{"name":186},{"id":192,"name":193,"tactic":194},"D3-SCF","System Call Filtering",{"name":75},{"id":196,"name":197,"tactic":198},"D3-CTS","Credential Transmission Scoping",{"name":75},{"id":200,"name":201,"tactic":202},"D3-EAL","Executable Allowlisting",{"name":75},{"id":204,"name":205,"tactic":206},"D3-EDL","Executable Denylisting",{"name":75},{"id":208,"name":209,"tactic":210},"D3-HBPI","Hardware-based Process Isolation",{"name":75},{"id":212,"name":213,"tactics":214,"countermeasures":216},"T1528","Steal Application Access Token",[215],{"id":32,"name":33},[217,219,221,223,225,227,229,231,233,235,237],{"id":132,"name":133,"tactic":218},{"name":42},{"id":149,"name":150,"tactic":220},{"name":147},{"id":153,"name":154,"tactic":222},{"name":147},{"id":157,"name":158,"tactic":224},{"name":160},{"id":162,"name":163,"tactic":226},{"name":165},{"id":167,"name":168,"tactic":228},{"name":165},{"id":171,"name":172,"tactic":230},{"name":165},{"id":175,"name":176,"tactic":232},{"name":165},{"id":179,"name":180,"tactic":234},{"name":165},{"id":188,"name":189,"tactic":236},{"name":186},{"id":196,"name":197,"tactic":238},{"name":75},{"id":240,"name":241,"tactics":242,"countermeasures":244},"T1539","Steal Web Session Cookie",[243],{"id":32,"name":33},[245,247,249,251,253,255,257,259,261],{"id":132,"name":133,"tactic":246},{"name":42},{"id":149,"name":150,"tactic":248},{"name":147},{"id":153,"name":154,"tactic":250},{"name":147},{"id":157,"name":158,"tactic":252},{"name":160},{"id":162,"name":163,"tactic":254},{"name":165},{"id":167,"name":168,"tactic":256},{"name":165},{"id":171,"name":172,"tactic":258},{"name":165},{"id":188,"name":189,"tactic":260},{"name":186},{"id":196,"name":197,"tactic":262},{"name":75},{"id":264,"name":265,"techniques":266},"CAPEC-384","Application API Message Manipulation via Man-in-the-Middle",[],{"id":268,"name":269,"techniques":270},"CAPEC-385","Transaction or Event Tampering via Application API Manipulation",[],{"id":272,"name":273,"techniques":274},"CAPEC-386","Application API Navigation Remapping",[],{"id":276,"name":277,"techniques":278},"CAPEC-387","Navigation Remapping To Propagate Malicious Content",[],{"id":280,"name":281,"techniques":282},"CAPEC-388","Application API Button Hijacking",[],{"id":284,"name":285,"techniques":286},"CAPEC-510","SaaS User Request Forgery",[],{"id":288,"name":289,"techniques":290},"CAPEC-59","Session Credential Falsification through Prediction",[],{"id":292,"name":293,"techniques":294},"CAPEC-60","Reusing Session IDs (aka Session Replay)",[295,325],{"id":296,"name":297,"tactics":298,"countermeasures":302},"T1134.001","Token Impersonation/Theft",[299,300,301],{"id":101,"name":102},{"id":104,"name":105},{"id":107,"name":108},[303,305,307,309,311,313,315,317,319,321,323],{"id":132,"name":133,"tactic":304},{"name":42},{"id":149,"name":150,"tactic":306},{"name":147},{"id":153,"name":154,"tactic":308},{"name":147},{"id":157,"name":158,"tactic":310},{"name":160},{"id":162,"name":163,"tactic":312},{"name":165},{"id":167,"name":168,"tactic":314},{"name":165},{"id":171,"name":172,"tactic":316},{"name":165},{"id":175,"name":176,"tactic":318},{"name":165},{"id":179,"name":180,"tactic":320},{"name":165},{"id":188,"name":189,"tactic":322},{"name":186},{"id":196,"name":197,"tactic":324},{"name":75},{"id":326,"name":327,"tactics":328,"countermeasures":333},"T1550.004","Web Session Cookie",[329,330],{"id":101,"name":102},{"id":331,"name":332},"TA0109","Lateral Movement",[334,336,338,340,342,344,346,348,350,354,358,360,362,366,370,374,378,380,382,384,386,388,390,392,394,398,400,402,406,410],{"id":39,"name":40,"tactic":335},{"name":42},{"id":44,"name":45,"tactic":337},{"name":42},{"id":48,"name":49,"tactic":339},{"name":42},{"id":52,"name":53,"tactic":341},{"name":42},{"id":56,"name":57,"tactic":343},{"name":42},{"id":60,"name":61,"tactic":345},{"name":42},{"id":64,"name":65,"tactic":347},{"name":42},{"id":68,"name":69,"tactic":349},{"name":42},{"id":351,"name":352,"tactic":353},"D3-PLA","Process Lineage Analysis",{"name":42},{"id":355,"name":356,"tactic":357},"D3-PSMD","Process Self-Modification Detection",{"name":42},{"id":140,"name":141,"tactic":359},{"name":42},{"id":132,"name":133,"tactic":361},{"name":42},{"id":363,"name":364,"tactic":365},"D3-PT","Process Termination",{"name":147},{"id":367,"name":368,"tactic":369},"D3-PS","Process Suspension",{"name":147},{"id":371,"name":372,"tactic":373},"D3-HR","Host Reboot",{"name":147},{"id":375,"name":376,"tactic":377},"D3-HS","Host Shutdown",{"name":147},{"id":149,"name":150,"tactic":379},{"name":147},{"id":153,"name":154,"tactic":381},{"name":147},{"id":157,"name":158,"tactic":383},{"name":160},{"id":162,"name":163,"tactic":385},{"name":165},{"id":167,"name":168,"tactic":387},{"name":165},{"id":171,"name":172,"tactic":389},{"name":165},{"id":188,"name":189,"tactic":391},{"name":186},{"id":72,"name":73,"tactic":393},{"name":75},{"id":395,"name":396,"tactic":397},"D3-KBPI","Kernel-based Process Isolation",{"name":75},{"id":192,"name":193,"tactic":399},{"name":75},{"id":208,"name":209,"tactic":401},{"name":75},{"id":403,"name":404,"tactic":405},"D3-ABPI","Application-based Process Isolation",{"name":75},{"id":407,"name":408,"tactic":409},"D3-WSAM","Web Session Access Mediation",{"name":75},{"id":196,"name":197,"tactic":411},{"name":75},{"id":413,"name":414,"techniques":415},"CAPEC-75","Manipulating Writeable Configuration Files",[],{"id":417,"name":418,"techniques":419},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":421,"name":422,"techniques":423},"CAPEC-89","Pharming",[],[425],{"_key":426,"name":427,"source":428,"url":429,"maturity":430,"reliability_score":431,"verified":432,"type":9,"platforms":433,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_FB822E841E6913FA","Exploit Reference (obsidiansecurity.com)","reference","https://www.obsidiansecurity.com/blog/cve-2025-34291-critical-account-takeover-and-rce-vulnerability-in-the-langflow-ai-agent-workflow-platform","unknown",0.2,false,[],[435,436],"GHSA-577h-p2hh-v4mv","PYSEC-2025-78",[],[],[],[],"2025-12-05T22:27:26.438Z","2026-05-22T03:55:45.916Z","Modified",{"cisa_kev":445,"cisa_ransomware":432,"cisa_vendor":446,"epss_severity":447,"epss_score":448,"severity":449,"severity_score":450,"severity_version":451,"severity_source":452,"severity_vector":453,"severity_status":443},true,"Langflow","high",0.312,"critical",9.4,"v4.0","cve.org","CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",[455,466,472,477,481,485,489,493,497,501],{"url":429,"sources":456,"tags":459},[452,457,458],"nvd","osv_pypi",[460,461,462,463,464,465],"Technical Description","Exploit","Mitigation","Third Party Advisory","WEB","EVIDENCE",{"url":467,"sources":468,"tags":469},"https://github.com/langflow-ai/langflow",[452,457,458],[470,471],"Product","PACKAGE",{"url":473,"sources":474,"tags":475},"https://www.vulncheck.com/advisories/langflow-cors-misconfiguration-to-token-hijack-and-rce",[452,457,458],[463,464,476],"Advisory",{"url":478,"sources":479,"tags":480},"https://nvd.nist.gov/vuln/detail/CVE-2025-34291",[458],[476],{"url":482,"sources":483,"tags":484},"https://github.com/langflow-ai/langflow/pull/10139",[458],[464],{"url":486,"sources":487,"tags":488},"https://github.com/langflow-ai/langflow/pull/10696",[458],[464],{"url":490,"sources":491,"tags":492},"https://github.com/langflow-ai/langflow/pull/9240",[458],[464],{"url":494,"sources":495,"tags":496},"https://github.com/langflow-ai/langflow/pull/9441",[458],[464],{"url":498,"sources":499,"tags":500},"https://www.crowdsec.net/vulntracking-report/cve-2025-34291",[452,457],[463],{"url":502,"sources":503,"tags":504},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34291",[452,457],[505],"Government Resource",[507],{"source":508,"vendor":446,"product":446,"date_added":509,"vulnerability_name":510,"short_description":511,"required_action":512,"due_date":513,"known_ransomware_campaign_use":514,"notes":515,"exploitation_type":9},"cisa","2026-05-21","Langflow Origin Validation Error Vulnerability","Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. This could allow the attacker to execute arbitrary code and achieve full system compromise via obtained tokens that permit access to authenticated endpoints.","Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","2026-06-04","Unknown","This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/langflow-ai/langflow ; https://github.com/langflow-ai/langflow/releases/tag/v1.9.3; https://github.com/langflow-ai/langflow/issues/11465#event-25774545848 ; https://nvd.nist.gov/vuln/detail/CVE-2025-34291",{"date":517,"score":448,"percentile":518},"2026-05-22",0.9683,[520,524,527,530,533,536,540,543,546,549,552,555,558,561,564,567,570,573,576,579,582,585,587,590,593,596,599,602,605,608,612,615,619,622,625,627,630,634,637,640,643,646,649,653,657,661,664,667,670,673,676,679,682,684,687,690,694,697,701,705,708,711,714,717,720,722,725,728,732,735,738,740,743,745,748,751,754,757,760,763,766,768,771,773,776,778,781,784,787,790],{"date":521,"score":522,"percentile":523},"2025-12-06",0.00086,0.2517,{"date":525,"score":522,"percentile":526},"2025-12-07",0.25138,{"date":528,"score":522,"percentile":529},"2025-12-08",0.25142,{"date":531,"score":522,"percentile":532},"2025-12-09",0.25193,{"date":534,"score":522,"percentile":535},"2025-12-10",0.25258,{"date":537,"score":538,"percentile":539},"2025-12-11",0.00113,0.30612,{"date":541,"score":538,"percentile":542},"2025-12-12",0.30643,{"date":544,"score":538,"percentile":545},"2025-12-13",0.30633,{"date":547,"score":538,"percentile":548},"2025-12-14",0.30609,{"date":550,"score":538,"percentile":551},"2025-12-15",0.30577,{"date":553,"score":538,"percentile":554},"2025-12-16",0.30596,{"date":556,"score":538,"percentile":557},"2025-12-17",0.30637,{"date":559,"score":538,"percentile":560},"2025-12-18",0.30683,{"date":562,"score":538,"percentile":563},"2025-12-19",0.30696,{"date":565,"score":538,"percentile":566},"2025-12-20",0.30674,{"date":568,"score":538,"percentile":569},"2025-12-21",0.30634,{"date":571,"score":538,"percentile":572},"2025-12-22",0.3059,{"date":574,"score":538,"percentile":575},"2025-12-23",0.30561,{"date":577,"score":538,"percentile":578},"2025-12-24",0.30559,{"date":580,"score":538,"percentile":581},"2025-12-25",0.30624,{"date":583,"score":538,"percentile":584},"2025-12-26",0.30622,{"date":586,"score":538,"percentile":581},"2025-12-27",{"date":588,"score":538,"percentile":589},"2025-12-28",0.30548,{"date":591,"score":538,"percentile":592},"2025-12-29",0.30522,{"date":594,"score":538,"percentile":595},"2025-12-30",0.30519,{"date":597,"score":538,"percentile":598},"2025-12-31",0.30569,{"date":600,"score":538,"percentile":601},"2026-01-01",0.30697,{"date":603,"score":538,"percentile":604},"2026-01-02",0.30687,{"date":606,"score":538,"percentile":607},"2026-01-03",0.30668,{"date":609,"score":610,"percentile":611},"2026-01-04",0.02626,0.8526,{"date":613,"score":610,"percentile":614},"2026-01-05",0.85253,{"date":616,"score":617,"percentile":618},"2026-01-06",0.03305,0.86864,{"date":620,"score":617,"percentile":621},"2026-01-07",0.86866,{"date":623,"score":617,"percentile":624},"2026-01-08",0.86875,{"date":626,"score":617,"percentile":624},"2026-01-09",{"date":628,"score":617,"percentile":629},"2026-01-10",0.86876,{"date":631,"score":632,"percentile":633},"2026-01-11",0.02458,0.8481,{"date":635,"score":632,"percentile":636},"2026-01-12",0.84804,{"date":638,"score":632,"percentile":639},"2026-01-13",0.84802,{"date":641,"score":632,"percentile":642},"2026-01-14",0.8482,{"date":644,"score":632,"percentile":645},"2026-01-15",0.84817,{"date":647,"score":632,"percentile":648},"2026-01-16",0.84825,{"date":650,"score":651,"percentile":652},"2026-01-17",0.14647,0.94271,{"date":654,"score":655,"percentile":656},"2026-01-18",0.16928,0.94754,{"date":658,"score":659,"percentile":660},"2026-01-19",0.16525,0.94687,{"date":662,"score":659,"percentile":663},"2026-01-20",0.94691,{"date":665,"score":659,"percentile":666},"2026-01-21",0.94692,{"date":668,"score":659,"percentile":669},"2026-01-22",0.94695,{"date":671,"score":659,"percentile":672},"2026-01-23",0.94701,{"date":674,"score":659,"percentile":675},"2026-01-24",0.94705,{"date":677,"score":659,"percentile":678},"2026-01-25",0.94708,{"date":680,"score":659,"percentile":681},"2026-01-26",0.9471,{"date":683,"score":659,"percentile":681},"2026-01-27",{"date":685,"score":659,"percentile":686},"2026-01-28",0.94712,{"date":688,"score":659,"percentile":689},"2026-01-29",0.94714,{"date":691,"score":692,"percentile":693},"2026-01-30",0.15398,0.94458,{"date":695,"score":692,"percentile":696},"2026-01-31",0.94461,{"date":698,"score":699,"percentile":700},"2026-02-01",0.13458,0.9405,{"date":702,"score":703,"percentile":704},"2026-02-02",0.12393,0.93737,{"date":706,"score":703,"percentile":707},"2026-02-03",0.9374,{"date":709,"score":703,"percentile":710},"2026-02-04",0.93706,{"date":712,"score":703,"percentile":713},"2026-02-05",0.93708,{"date":715,"score":703,"percentile":716},"2026-02-06",0.93709,{"date":718,"score":703,"percentile":719},"2026-02-07",0.93711,{"date":721,"score":703,"percentile":719},"2026-02-08",{"date":723,"score":703,"percentile":724},"2026-02-09",0.93713,{"date":726,"score":703,"percentile":727},"2026-02-10",0.93714,{"date":729,"score":730,"percentile":731},"2026-02-11",0.14036,0.94172,{"date":733,"score":730,"percentile":734},"2026-02-12",0.94176,{"date":736,"score":730,"percentile":737},"2026-02-13",0.94175,{"date":739,"score":730,"percentile":737},"2026-02-14",{"date":741,"score":730,"percentile":742},"2026-02-15",0.94171,{"date":744,"score":730,"percentile":742},"2026-02-16",{"date":746,"score":730,"percentile":747},"2026-02-17",0.94173,{"date":749,"score":730,"percentile":750},"2026-02-18",0.94181,{"date":752,"score":730,"percentile":753},"2026-02-19",0.94187,{"date":755,"score":730,"percentile":756},"2026-02-20",0.94188,{"date":758,"score":730,"percentile":759},"2026-02-21",0.94194,{"date":761,"score":730,"percentile":762},"2026-02-22",0.94193,{"date":764,"score":730,"percentile":765},"2026-02-23",0.94191,{"date":767,"score":730,"percentile":762},"2026-02-24",{"date":769,"score":730,"percentile":770},"2026-02-25",0.94195,{"date":772,"score":730,"percentile":770},"2026-02-26",{"date":774,"score":730,"percentile":775},"2026-02-27",0.94198,{"date":777,"score":730,"percentile":775},"2026-02-28",{"date":779,"score":730,"percentile":780},"2026-03-01",0.94233,{"date":782,"score":730,"percentile":783},"2026-03-02",0.94235,{"date":785,"score":730,"percentile":786},"2026-03-03",0.94236,{"date":788,"score":730,"percentile":789},"2026-03-04",0.94199,{"date":791,"score":730,"percentile":792},"2026-03-05",0.94206,[794,797,806],{"source":452,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":795},{"baseScore":450,"baseSeverity":796,"vectorString":453,"impactScore":9,"exploitabilityScore":9},"CRITICAL",{"source":457,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":798,"cvss_v4_0":804},{"baseScore":799,"baseSeverity":800,"vectorString":801,"impactScore":802,"exploitabilityScore":803},8.8,"HIGH","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",9.8,7.2,{"baseScore":450,"baseSeverity":796,"vectorString":805,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",{"source":458,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":807,"cvss_v4_0":9},{"baseScore":799,"baseSeverity":9,"vectorString":801,"impactScore":802,"exploitabilityScore":803},[809,818],{"ecosystem":9,"name":810,"vendor":810,"product":810,"cpe_part":811,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":812},"langflow","a",[813],{"version":814,"is_range":445,"range_type":815,"version_start":9,"version_start_type":9,"version_end":816,"version_end_type":817,"fixed_in":9},"lte1.6.9","cpe","1.6.9","including",{"ecosystem":819,"name":810,"vendor":819,"product":810,"cpe_part":9,"purl_type":820,"purl_namespace":9,"purl_name":810,"source":9,"versions":821},"PyPI","pypi",[822,825],{"version":823,"is_range":445,"range_type":824,"version_start":9,"version_start_type":9,"version_end":816,"version_end_type":817,"fixed_in":9},"lte1_6_9","ecosystem",{"version":826,"is_range":445,"range_type":824,"version_start":9,"version_start_type":9,"version_end":827,"version_end_type":828,"fixed_in":9},"lt1_7_0","1.7.0","excluding"]