pkg:npm/n8n

67 total CVEs (CRITICAL: 17, HIGH: 16, MEDIUM: 18, unscored: 16)


All known vulnerabilities

  • [CRITICAL 9.9] CVE-2025-68613 (⚠ KEV): n8n Vulnerable to Remote Code Execution via Expression Injection
    >= 0.211.0, < 1.120.4
  • [CRITICAL 10.0] CVE-2026-42231: n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE
    from 0, < 1.123.32
  • [CRITICAL 10.0] CVE-2026-21858: n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
    >= 1.65.0, < 1.121.0
  • [CRITICAL 9.9] CVE-2026-42232: n8n has XML Node Prototype Pollution that Leads to RCE
    >= 2.18.0, < 2.18.1
  • [CRITICAL 9.9] CVE-2026-33713: n8n has SQL Injection in Data Table Node via orderByColumn Expression
    from 0, < 1.123.26
  • [CRITICAL 9.9] CVE-2026-33696: n8n: Prototype Pollution in XML and GSuiteAdmin node parameters lead to RCE
    >= 2.14.0, < 2.14.1
  • [CRITICAL 9.9] CVE-2026-33663: n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition
    from 0, < 1.123.27
  • [CRITICAL 9.9] CVE-2026-33660: n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode
    >= 2.14.0, < 2.14.1
  • [CRITICAL 9.9] CVE-2026-27577: n8n: Expression Sandbox Escape Leads to RCE
    from 0, < 1.123.22
  • [CRITICAL 9.9] CVE-2026-27497: n8n has Potential Remote Code Execution via Merge Node
    from 0, < 1.123.22
  • [CRITICAL 9.9] CVE-2026-27494: n8n has Arbitrary File Read via Python Code Node Sandbox Escape
    from 0, < 1.123.22
  • [CRITICAL 9.9] CVE-2026-25115: n8n has a Python sandbox escape
    from 0, < 2.4.8
  • [CRITICAL 9.9] CVE-2026-1470: n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution
    from 0, < 1.123.17
  • [CRITICAL 9.9] CVE-2026-21877: n8n Vulnerable to RCE via Arbitrary File Write
    >= 0.123.0, < 1.121.3
  • [CRITICAL 9.9] CVE-2025-68668: n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node
    >= 1.0.0, < 2.0.0
  • [CRITICAL 9.8] CVE-2026-42233: n8n has SQL Injection in Oracle Database Node via Limit Field
    from 0, < 1.123.32
  • [CRITICAL 9.0] CVE-2026-27493: n8n has Unauthenticated Expression Evaluation via Form Node
    from 0, < 1.123.22
  • [HIGH 8.9] CVE-2026-33749: n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
    from 0, < 1.123.27
  • [HIGH 8.8] CVE-2025-62726: n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook
    from 0, < 1.113.0
  • [HIGH 8.8] CVE-2023-27563: n8n Privilege Escalation vulnerability
    from 0, < 0.216.1
  • [HIGH 8.7] CVE-2025-52478: Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source
    >= 1.77.0, < 1.98.2
  • [HIGH 8.5] CVE-2026-42226: n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay
    >= 2.17.0, < 2.17.5
  • [HIGH 8.5] CVE-2026-27498: n8n has Arbitrary Command Execution via File Write and Git Operations
    from 0, < 1.123.8
  • [HIGH 8.2] CVE-2026-42235: n8n Vulnerable to XSS via MCP OAuth client
    from 0, < 1.123.32
  • [HIGH 8.2] CVE-2026-42237: n8n has SQL Injection in Snowflake and MySQL Nodes
    from 0, < 1.123.32
  • [HIGH 8.2] CVE-2026-33665: n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover
    >= 2.0.0-rc.0, < 2.4.0
  • [HIGH 7.7] CVE-2026-42227: n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure
    from 0, < 1.123.32
  • [HIGH 7.7] CVE-2025-61917: n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner
    >= 1.65.0, < 1.114.3
  • [HIGH 7.5] CVE-2026-42234: n8n has a Python Task Runner Sandbox Escape Vulnerability
    from 0, < 1.123.32
  • [HIGH 7.5] CVE-2026-42236: n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration
    from 0, < 1.123.32
  • [HIGH 7.5] CVE-2023-27564: n8n Information Disclosure vulnerability
    from 0, < 0.216.1
  • [HIGH 7.3] CVE-2025-61914: n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox
    from 0, < 1.114.0
  • [HIGH 7.1] CVE-2025-68697: Self-hosted n8n has Legacy Code node that enables arbitrary file read/write
    >= 1.2.1, < 2.0.0
  • [MEDIUM 6.8] CVE-2026-42229: n8n has SQL Injection in SeaTable Node
    from 0, < 1.123.32
  • [MEDIUM 6.5] CVE-2026-27496: n8n has In-Process Memory Disclosure in its Task Runner
    from 0, < 1.123.22
  • [MEDIUM 6.5] CVE-2026-21894: n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks
    >= 0.150.0, < 2.2.2
  • [MEDIUM 6.5] CVE-2025-57749: n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files
    from 0, < 1.106.0
  • [MEDIUM 6.5] CVE-2023-27562: n8n Directory Traversal vulnerability
    from 0, < 0.216.1
  • [MEDIUM 6.3] CVE-2026-33722: n8n Has External Secrets Authorization Bypass in Credential Saving
    from 0, < 1.123.23
  • [MEDIUM 5.4] CVE-2026-42228: n8n Vulnerable to Hijacking of Unauthenticated Chat Execution
    from 0, < 1.123.32
  • [MEDIUM 5.4] CVE-2026-33724: n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no
    from 0, < 2.5.0
  • [MEDIUM 5.4] CVE-2026-27578: n8n Vulnerable to Stored XSS via Various Nodes
    from 0, < 1.123.22
  • [MEDIUM 5.3] CVE-2025-68949: n8n: Webhook Node IP Whitelist Bypass via Partial String Matching
    >= 1.36.0, < 2.2.0
  • [MEDIUM 5.0] CVE-2025-46343: n8n Vulnerable to Stored XSS through Attachments View Endpoint
    from 0, < 1.90.0
  • [MEDIUM 4.9] CVE-2025-49595: n8n Vulnerable to Denial of Service via Malformed Binary Data Requests
    from 0, < 1.99.0
  • [MEDIUM 4.8] CVE-2026-33751: n8n Vulnerable to LDAP Filter Injection in LDAP Node
    from 0, < 1.123.27
  • [MEDIUM 4.7] CVE-2026-42230: n8n has Open Redirect in MCP OAuth Consent Flow
    from 0, < 1.123.32
  • [MEDIUM 4.7] CVE-2026-33720: n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK
    from 0, < 2.8.0
  • [MEDIUM 4.6] CVE-2025-49592: n8n allows open redirects via the /signin endpoint
    from 0, < 1.98.0
  • [MEDIUM 4.3] CVE-2025-52554: n8n is vulnerable to Improper Authorization through its `/stop` endpoint
    from 0, < 1.99.1
  • [MEDIUM 4.1] CVE-2025-58177: Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter
    >= 1.24.0, < 1.107.0
  • CVE-2026-45732: n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints
    from 0, < 1.123.43
  • CVE-2026-44792: n8n Has a Source Control Pull SQL Injection
    from 0, < 1.123.43
  • CVE-2026-44791: n8n Has an XML Node Prototype Pollution Patch Bypass
    from 0, < 1.123.43
  • CVE-2026-44790: n8n Has an Arbitrary File Read via Git Node
    from 0, < 1.123.43
  • CVE-2026-44789: n8n: HTTP Request Node Pagination Prototype Pollution to RCE
    from 0, < 1.123.43
  • CVE-2026-27495: n8n has a Sandbox Escape in its JavaScript Task Runner
    from 0, < 1.123.22
  • CVE-2026-25631: n8n's domain allowlist bypass enables credential exfiltration
    from 0, < 1.121.0
  • CVE-2026-25056: n8n Merge Node has Arbitrary File Write leading to RCE
    from 0, < 1.118.0
  • CVE-2026-25055: n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node
    >= 2.0.0, < 2.4.0
  • CVE-2026-25054: n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI
    >= 2.0.0, < 2.2.1
  • CVE-2026-25053: n8n has OS Command Injection in Git Node
    >= 2.0.0, < 2.5.0
  • CVE-2026-25052: n8n's Improper File Access Controls Allow Arbitrary File Read by Authenticated Users
    >= 2.0.0, < 2.5.0
  • CVE-2026-25051: n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS
    >= 1.123.0, < 1.123.2
  • CVE-2026-25049: n8n Has Expression Escape Vulnerability Leading to RCE
    from 0, < 1.123.17
  • CVE-2026-21893: n8n Vulnerable to Command Injection in Community Package Installation
    >= 0.187.0, < 1.120.3
  • CVE-2025-65964: n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
    >= 0.123.1, < 1.119.2