Skip to main content

Dify

37 CVEs product

Monthly

CVE-2026-61461 HIGH POC PATCH This Week

SQL injection in Dify's MyScale vector store backend (versions before 1.16.0-rc1) lets authenticated attackers execute arbitrary SQL against the underlying ClickHouse database by passing unsanitized search parameters into the search_by_full_text method. Because those parameters are concatenated into the query without escaping or parameterization, an attacker can read, modify, or delete stored vector-store data. Publicly available exploit code exists (VulnCheck advisory and GitHub issue #38281) and a vendor patch is available; there is no confirmation of active in-the-wild exploitation.

SQLi Dify
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-41949 HIGH POC PATCH This Week

{file_id}/preview endpoint. The flaw is amplified on Dify Cloud, where free self-registration makes account creation trivial, and publicly available exploit code exists via the Huntr disclosure. No CISA KEV listing has been recorded at time of analysis, but the combination of low-friction account access and a documented PoC raises practical exposure considerably.

Authentication Bypass Dify
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-41948 CRITICAL POC Act Now

Path traversal in Dify versions 0 through 1.14.1 allows authenticated tenants to escape their authorized tenant path and reach the Plugin Daemon's internal REST API, including debug interfaces, by smuggling unencoded dot sequences through task identifiers or filename parameters. Because Dify Cloud permits unauthenticated free self-registration, the authentication barrier collapses to trivial account creation, and publicly available exploit code exists; the attacker only needs the victim tenant's UUID to pivot. CVSS 4.0 is rated 9.2 with high confidentiality and integrity impact.

Path Traversal Dify
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-41947 CRITICAL POC PATCH Act Now

Cross-tenant authorization bypass in LangGenius Dify versions through 1.14.1 lets any logged-in editor reroute another tenant's LLM trace traffic - including prompts and model responses - to an attacker-controlled observability provider. Because Dify Cloud permits free self-registration, the authentication barrier is effectively trivial; publicly available exploit code exists and a vendor patch is shipped via PR #35793. The flaw is an instance of CWE-639 (insecure direct object reference) in the trace-configuration endpoints, which accepted an app_id without validating tenant ownership.

Authentication Bypass Dify
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-41950 MEDIUM POC PATCH This Month

Dify before version 1.14.0 allows authenticated users to bypass authorization controls and read arbitrary files uploaded by other users within the same tenant by supplying unauthorized file UUIDs in chat-messages API requests. The vulnerability exploits insufficient permission verification on file access endpoints, enabling attackers to circumvent workspace separation and signed URL protections to retrieve sensitive file contents processed through workflows. Publicly available exploit code exists, and a vendor-released patch (version 1.14.0) is available.

Authentication Bypass Dify
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-42138 MEDIUM PATCH This Month

Unauthenticated users can upload SVG files containing XSS payloads via POST /api/files/upload in Dify prior to version 1.13.1, allowing cross-site scripting attacks against application users. The authenticated endpoint POST /v1/files/upload is similarly vulnerable. This vulnerability enables attackers to execute arbitrary JavaScript in the context of victim browsers, potentially compromising user sessions or stealing sensitive data without requiring any authentication or user interaction.

XSS Dify
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-34082 MEDIUM This Month

Dify prior to version 1.13.1 allows any authenticated user to delete other users' chat histories via the DELETE /console/api/installed-apps/<appId>/conversations/<conversationId> endpoint due to insufficient authorization checks. An authenticated attacker can target any conversation ID to perform unauthorized deletion, resulting in data loss for other users. This vulnerability requires valid Dify authentication but no special privileges, affecting all vulnerable versions via network access.

Authentication Bypass Dify
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-6619 LOW POC Monitor

Cross-site scripting in Dify's ImagePreview component (web/app/components/base/image-uploader/image-preview.tsx) allows authenticated users to inject malicious scripts via the filename argument in the openInNewTab function, affecting versions up to 1.13.3. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting impact to low integrity compromise with no confidentiality or availability impact. Publicly available exploit code exists; vendor has not responded to early disclosure.

XSS Dify
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-6618 LOW POC Monitor

Server-side request forgery in Dify up to version 1.13.3 allows authenticated remote attackers to manipulate the URL argument in the ApiBasedToolSchemaParser component, enabling arbitrary HTTP requests from the server to internal or external systems. The vulnerability affects the parse_openai_plugin_json_to_tool_bundle function in api/core/tools/utils/parser.py. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.

SSRF Dify
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6617 LOW POC Monitor

Server-side request forgery (SSRF) in Dify's ApiToolManageService allows authenticated remote attackers to manipulate the URL argument in the get_api_tool_provider_remote_schema function, enabling them to make arbitrary HTTP requests from the server. Affects Dify versions up to 0.6.9. Publicly available exploit code exists, and the vendor has not responded to early disclosure attempts.

SSRF Dify
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-21866 MEDIUM POC PATCH This Month

Dify versions prior to 1.11.2 contain a stored cross-site scripting vulnerability in Mermaid diagram rendering due to insecure default security configurations, allowing authenticated attackers with user interaction to inject and execute malicious scripts with cross-site impact. Public exploit code exists for this vulnerability, affecting users and developers of the Dify LLM application development platform. A patch is available in version 1.11.2 and later.

XSS AI / ML Dify
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-28288 MEDIUM POC This Month

Dify versions prior to 1.9.0 leak information through inconsistent API responses that distinguish between registered and non-registered email addresses, enabling attackers to enumerate valid user accounts. Public exploit code exists for this vulnerability, and affected users should upgrade to version 1.9.0 or later to remediate the information disclosure risk.

Information Disclosure AI / ML Dify
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-26023 MEDIUM POC PATCH This Month

Dify versions prior to 1.13.0 contain a stored cross-site scripting vulnerability in the chat frontend's echarts integration that executes malicious JavaScript payloads embedded in user or LLM-generated inputs. An attacker can exploit this to perform actions in the context of other users' browsers, potentially stealing session tokens or conducting phishing attacks. Public exploit code exists for this vulnerability, though a patch is available in version 1.13.0 and later.

XSS AI / ML Dify
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-67732 MEDIUM POC This Month

Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. [CVSS 6.5 MEDIUM]

Authentication Bypass Information Disclosure AI / ML Dify
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-56157 CRITICAL POC Act Now

Hard-coded default PostgreSQL credentials shipped in the docker-compose.yaml of langgenius Dify through version 1.5.1 allow anyone who can reach the database port to authenticate with full read/write access to the backend datastore. Publicly available exploit code exists, though EPSS remains low (0.81%) and the vendor states the database port is not network-exposed by default in 1.0.1 and later, limiting realistic reach. There is no public exploit identified as actively used in the wild (not in CISA KEV).

Authentication Bypass PostgreSQL Docker Dify
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-56520 MEDIUM POC This Month

Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Dify
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-59422 MEDIUM POC PATCH This Month

Dify is an open-source LLM app development platform. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Dify
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-3467 MEDIUM POC PATCH This Month

An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation content through the monitoring/log function using Firefox, the XSS vulnerability is triggered, potentially exposing sensitive token information to the attacker.

XSS Mozilla Dify Firefox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-3466 HIGH POC PATCH This Week

CVE-2025-3466 is a security vulnerability (CVSS 7.2). Risk factors: public PoC available. Vendor patch is available.

RCE Authentication Bypass Dify
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-49149 MEDIUM POC This Month

Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting (XSS) attack when a user browses these web pages. At time of posting, there is no known patched version.

XSS Dify
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-43854 LOW PATCH Monitor

DIFY is an open-source LLM app development platform. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Dify
NVD GitHub
CVSS 4.0
2.3
EPSS
0.2%
CVE-2025-43862 HIGH POC PATCH This Week

Dify is an open-source LLM app development platform. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Dify
NVD GitHub
CVSS 3.1
7.6
EPSS
0.3%
CVE-2025-32796 MEDIUM POC PATCH This Month

Dify is an open-source LLM app development platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Dify
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-32795 MEDIUM POC This Month

Dify is an open-source LLM app development platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dify
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-32790 MEDIUM POC PATCH This Month

Dify is an open-source LLM app development platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Dify
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-29720 MEDIUM POC This Month

Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSRF Dify
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-1796 HIGH POC This Week

A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dify
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-0185 HIGH POC This Week

A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Dify
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2025-0184 MEDIUM POC PATCH This Month

A Server-Side Request Forgery (SSRF) vulnerability was identified in langgenius/dify version 0.10.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Dify
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-12776 HIGH POC This Week

In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Dify
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2024-12775 MEDIUM POC This Month

langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for the Create Custom Tool option via the REST API `POST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Dify
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-12039 HIGH POC This Week

langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the number of code guess attempts for password reset. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Dify
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-11850 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in the latest version of langgenius/dify. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dify
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-11824 HIGH POC PATCH This Week

A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Dify
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2024-11822 HIGH POC This Week

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass Dify
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-11821 MEDIUM POC This Month

A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dify
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2024-10252 HIGH POC PATCH This Week

A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE SSRF Code Injection Python Dify
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

SQL injection in Dify's MyScale vector store backend (versions before 1.16.0-rc1) lets authenticated attackers execute arbitrary SQL against the underlying ClickHouse database by passing unsanitized search parameters into the search_by_full_text method. Because those parameters are concatenated into the query without escaping or parameterization, an attacker can read, modify, or delete stored vector-store data. Publicly available exploit code exists (VulnCheck advisory and GitHub issue #38281) and a vendor patch is available; there is no confirmation of active in-the-wild exploitation.

SQLi Dify
NVD GitHub
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

{file_id}/preview endpoint. The flaw is amplified on Dify Cloud, where free self-registration makes account creation trivial, and publicly available exploit code exists via the Huntr disclosure. No CISA KEV listing has been recorded at time of analysis, but the combination of low-friction account access and a documented PoC raises practical exposure considerably.

Authentication Bypass Dify
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Path traversal in Dify versions 0 through 1.14.1 allows authenticated tenants to escape their authorized tenant path and reach the Plugin Daemon's internal REST API, including debug interfaces, by smuggling unencoded dot sequences through task identifiers or filename parameters. Because Dify Cloud permits unauthenticated free self-registration, the authentication barrier collapses to trivial account creation, and publicly available exploit code exists; the attacker only needs the victim tenant's UUID to pivot. CVSS 4.0 is rated 9.2 with high confidentiality and integrity impact.

Path Traversal Dify
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

Cross-tenant authorization bypass in LangGenius Dify versions through 1.14.1 lets any logged-in editor reroute another tenant's LLM trace traffic - including prompts and model responses - to an attacker-controlled observability provider. Because Dify Cloud permits free self-registration, the authentication barrier is effectively trivial; publicly available exploit code exists and a vendor patch is shipped via PR #35793. The flaw is an instance of CWE-639 (insecure direct object reference) in the trace-configuration endpoints, which accepted an app_id without validating tenant ownership.

Authentication Bypass Dify
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM POC PATCH This Month

Dify before version 1.14.0 allows authenticated users to bypass authorization controls and read arbitrary files uploaded by other users within the same tenant by supplying unauthorized file UUIDs in chat-messages API requests. The vulnerability exploits insufficient permission verification on file access endpoints, enabling attackers to circumvent workspace separation and signed URL protections to retrieve sensitive file contents processed through workflows. Publicly available exploit code exists, and a vendor-released patch (version 1.14.0) is available.

Authentication Bypass Dify
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Unauthenticated users can upload SVG files containing XSS payloads via POST /api/files/upload in Dify prior to version 1.13.1, allowing cross-site scripting attacks against application users. The authenticated endpoint POST /v1/files/upload is similarly vulnerable. This vulnerability enables attackers to execute arbitrary JavaScript in the context of victim browsers, potentially compromising user sessions or stealing sensitive data without requiring any authentication or user interaction.

XSS Dify
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Dify prior to version 1.13.1 allows any authenticated user to delete other users' chat histories via the DELETE /console/api/installed-apps/<appId>/conversations/<conversationId> endpoint due to insufficient authorization checks. An authenticated attacker can target any conversation ID to perform unauthorized deletion, resulting in data loss for other users. This vulnerability requires valid Dify authentication but no special privileges, affecting all vulnerable versions via network access.

Authentication Bypass Dify
NVD GitHub
EPSS 0% CVSS 2.0
LOW POC Monitor

Cross-site scripting in Dify's ImagePreview component (web/app/components/base/image-uploader/image-preview.tsx) allows authenticated users to inject malicious scripts via the filename argument in the openInNewTab function, affecting versions up to 1.13.3. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting impact to low integrity compromise with no confidentiality or availability impact. Publicly available exploit code exists; vendor has not responded to early disclosure.

XSS Dify
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Server-side request forgery in Dify up to version 1.13.3 allows authenticated remote attackers to manipulate the URL argument in the ApiBasedToolSchemaParser component, enabling arbitrary HTTP requests from the server to internal or external systems. The vulnerability affects the parse_openai_plugin_json_to_tool_bundle function in api/core/tools/utils/parser.py. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification.

SSRF Dify
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Server-side request forgery (SSRF) in Dify's ApiToolManageService allows authenticated remote attackers to manipulate the URL argument in the get_api_tool_provider_remote_schema function, enabling them to make arbitrary HTTP requests from the server. Affects Dify versions up to 0.6.9. Publicly available exploit code exists, and the vendor has not responded to early disclosure attempts.

SSRF Dify
NVD VulDB GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Dify versions prior to 1.11.2 contain a stored cross-site scripting vulnerability in Mermaid diagram rendering due to insecure default security configurations, allowing authenticated attackers with user interaction to inject and execute malicious scripts with cross-site impact. Public exploit code exists for this vulnerability, affecting users and developers of the Dify LLM application development platform. A patch is available in version 1.11.2 and later.

XSS AI / ML Dify
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Dify versions prior to 1.9.0 leak information through inconsistent API responses that distinguish between registered and non-registered email addresses, enabling attackers to enumerate valid user accounts. Public exploit code exists for this vulnerability, and affected users should upgrade to version 1.9.0 or later to remediate the information disclosure risk.

Information Disclosure AI / ML Dify
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

Dify versions prior to 1.13.0 contain a stored cross-site scripting vulnerability in the chat frontend's echarts integration that executes malicious JavaScript payloads embedded in user or LLM-generated inputs. An attacker can exploit this to perform actions in the context of other users' browsers, potentially stealing session tokens or conducting phishing attacks. Public exploit code exists for this vulnerability, though a patch is available in version 1.13.0 and later.

XSS AI / ML Dify
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. [CVSS 6.5 MEDIUM]

Authentication Bypass Information Disclosure AI / ML +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Hard-coded default PostgreSQL credentials shipped in the docker-compose.yaml of langgenius Dify through version 1.5.1 allow anyone who can reach the database port to authenticate with full read/write access to the backend datastore. Publicly available exploit code exists, though EPSS remains low (0.81%) and the vendor states the database port is not network-exposed by default in 1.0.1 and later, limiting realistic reach. There is no public exploit identified as actively used in the wild (not in CISA KEV).

Authentication Bypass PostgreSQL Docker +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Dify
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM POC PATCH This Month

Dify is an open-source LLM app development platform. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Dify
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation content through the monitoring/log function using Firefox, the XSS vulnerability is triggered, potentially exposing sensitive token information to the attacker.

XSS Mozilla Dify +1
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

CVE-2025-3466 is a security vulnerability (CVSS 7.2). Risk factors: public PoC available. Vendor patch is available.

RCE Authentication Bypass Dify
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting (XSS) attack when a user browses these web pages. At time of posting, there is no known patched version.

XSS Dify
NVD GitHub
EPSS 0% CVSS 2.3
LOW PATCH Monitor

DIFY is an open-source LLM app development platform. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Dify
NVD GitHub
EPSS 0% CVSS 7.6
HIGH POC PATCH This Week

Dify is an open-source LLM app development platform. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Dify
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Dify is an open-source LLM app development platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Dify
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Dify is an open-source LLM app development platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dify
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

Dify is an open-source LLM app development platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Dify
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSRF Dify
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dify
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Dify
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

A Server-Side Request Forgery (SSRF) vulnerability was identified in langgenius/dify version 0.10.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Dify
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC This Week

In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Dify
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for the Create Custom Tool option via the REST API `POST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Dify
NVD
EPSS 0% CVSS 8.1
HIGH POC This Week

langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the number of code guess attempts for password reset. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Dify
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in the latest version of langgenius/dify. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dify
NVD
EPSS 0% CVSS 7.6
HIGH POC PATCH This Week

A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Dify
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Authentication Bypass Dify
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dify
NVD
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE SSRF Code Injection +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy