6 matches found

OSV
added 2026/02/25 9:54 p.m., 4 views

GHSA-X2MW-7J39-93XQ n8n has Arbitrary Command Execution via File Write and Git Operations

Impact: An authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration files and then triggering a git operation, the attacker could execute arbitrary she...

CVSS 9, AI score 6.5, EPSS 0.00594
Exploits 0, References 7

Snyk
added 2025/10/09 3:26 p.m., 2 views

Command Injection

Overview: n8n is an n8n Workflow Automation Tool. Affected versions of this package are vulnerable to Command Injection via the Execute Command node. An attacker can execute arbitrary commands on the host system by leveraging access to an authenticated user account, potentially leading to data...

CVSS 8.8, AI score 8
Exploits 0, References 2

Snyk
added 2025/10/09 3:26 p.m., 1 views

Command Injection

Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to Command Injection via the Execute Command node. An attacker can execute arbitrary commands on the host system by leveraging access to an authenticated user account, potentially leading to data...

CVSS 8.8, AI score 7.9
Exploits 0, References 2

RedhatCVE
added 2025/09/17 4:52 p.m., 6 views

CVE-2025-58177

n8n is an open source workflow automation platform. From 1.24.0 to before 1.107.0, there is a stored cross-site scripting (XSS) vulnerability in @n8n/n8n-nodes-langchain.chatTrigger. An authorized user can configure the LangChain Chat Trigger node with malicious JavaScript in the initialMessages...

CVSS 5.4, AI score 5.5, EPSS 0.00041
Exploits 0, References 1

Github Security Blog
added 2025/09/15 5:14 p.m., 5 views

Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter

Impact: A stored Cross-Site Scripting (XSS) vulnerability was identified in the @n8n/n8n-nodes-langchain.chatTrigger node in n8n. If an authorized user configures the node with malicious JavaScript in the initialMessages field and enables public access, the script will be executed in the browser of...

CVSS 5.4, AI score 5.7, EPSS 0.00041
Exploits 0, References 6, Affected Software 1

Drupal
added 2014/02/05 12:0 a.m., 12 views

SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure

This module provides an API and a few simple turnkey modules, which allows you to easily create tagclouds, weighted lists, search-clouds and such. The 6.x-1.x version does not account for node access modules, thus leading to information being disclosed. This vulnerability is mitigated by the fact...

AI score 6.7
Exploits 0, References 13