Vulnerabilities > Infiniflow > Ragflow > 0.11.0

DATE CVE VULNERABILITY TITLE RISK
2025-02-25 CVE-2025-27135 SQL Injection vulnerability in Infiniflow Ragflow
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine.
network | low complexity | infiniflow CWE-89 | critical | 9.8
2024-10-19 CVE-2024-10131 Command Injection vulnerability in Infiniflow Ragflow 0.11.0
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability.
network | low complexity | infiniflow CWE-77 | 8.8