CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

179 matches found

EUVD•added 2025/12/26 6:18 p.m.•3 views

EUVD-2025-205454

n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node...

9.9CVSS6.7AI score0.00035EPSS

Exploits4References3

CNNVD•added 2025/12/26 12:0 a.m.•2 views

n8n 安全漏洞

n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in n8n version 1.0.0 through versions prior to 2.0.0, which stems from a sandbox bypass issue in Python Code Node that could lead to the execution of arbitrary commands...

9.9CVSS7.3AI score0.00035EPSS

Exploits4References2

CNNVD•added 2025/12/26 12:0 a.m.•3 views

n8n 安全漏洞

n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in versions prior to n8n 2.0.0 that stems from Code node being able to call internal helper functions that could result in reading or writing to the host file system...

7.1CVSS6.5AI score0.00014EPSS

Exploits0References2

Positive Technologies•added 2025/12/26 12:0 a.m.•2 views

PT-2025-53606

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.0.0 Description n8n is a workflow automation platform. In self-hosted instances before version 2.0.0, when the Code node operates in legacy JavaScript execution mode, authenticated users with workflow editing permission...

7.1CVSS6.8AI score0.00014EPSS

Exploits0References6

Positive Technologies•added 2025/12/24 12:0 a.m.•1 views

PT-2025-53605

Name of the Vulnerable Software and Affected Versions n8n versions 1.0.0 through less than 2.0.0 Description n8n is an open source workflow automation platform. A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide, affecting versions from 1.0.0 up to, but not including,...

9.9CVSS7.8AI score0.00035EPSS

Exploits4References82

Snyk•added 2025/12/04 2:5 p.m.•1 views

Remote Code Execution (RCE)

Overview n8n-workflow is a Workflow base code of n8n Affected versions of this package are vulnerable to Remote Code Execution RCE due to insufficient isolation in the Python Code Node that uses Pyodide. An authenticated attacker with permissions to create or modify workflows can execute arbitrar...

9.9CVSS8AI score0.00035EPSS

Exploits4References3

Snyk•added 2025/12/04 2:5 p.m.•1 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE due to insufficient isolation in the Python Code Node that uses Pyodide. An authenticated attacker with permissions to create or modify workflows can execute arbitrary commands on the host system by creating or...

9.9CVSS7.8AI score0.00035EPSS

Exploits4References3

Snyk•added 2025/12/04 2:5 p.m.•1 views

Remote Code Execution (RCE)

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Remote Code Execution RCE due to insufficient isolation in the Python Code Node that uses Pyodide. An authenticated attacker with permissions to create or modify workflows can execute arbitrary...

9.9CVSS7.5AI score0.00035EPSS

Exploits4References3

OSV•added 2025/11/12 4:29 a.m.•1 views

MAL-2025-148150 Malicious code in spica-andromeda-loglevel-terser-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62ee7b475b2f16de2e6e7f62b3abf6ed1d28eb1e3edf099e0649c2203bbd9fab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score

Exploits0

EUVD•added 2025/11/10 4:5 a.m.•1 views

EUVD-2025-40238

Malicious code in candra-sambalado79-sluey npm...

6.6AI score

Exploits0

OSV•added 2025/08/21 6:51 p.m.•1 views

MAL-2025-41356 Malicious code in @navify-platform/event (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

6.9AI score

Exploits0