CVE-2026-42237

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

CVE-2026-44680

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

CVE-2026-44680

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

CVE-2026-44680

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper Platform.quoteIdentifier and the postgres/mssql overrides and its JSON-path emitters...

EUVD-2026-27113

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

PT-2026-36907

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An open source workflow automation platform contains an issue where the Snowflake node and the legacy MySQL v1 node construct SQL queries by...

n8n has SQL Injection in Snowflake and MySQL Nodes

Impact The fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings without identifier escaping, enabling SQL injection against...

GHSA-HP3C-VFPM-Q4F7 n8n has SQL Injection in Snowflake and MySQL Nodes

Impact The fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings without identifier escaping, enabling SQL injection against...

GHSA-GPJ5-G38J-94V9 Drizzle ORM has SQL injection via improperly escaped SQL identifiers

Summary Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or backticks. As a result, applications that pass attacker-controlled...

Drizzle ORM has SQL injection via improperly escaped SQL identifiers

Summary Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or backticks. As a result, applications that pass attacker-controlled...

Parse Server has a SQL injection via query field name when using PostgreSQL

Impact An attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with PostgreSQL as the database. The field name in a $regex query operator is passed to PostgreSQL using unparameterized string interpolation...

CVE-2025-13601 Glib: integer overflow in in g_escape_uri_string()

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...