Lucene search
K

26 matches found

Snyk
Snyk
added 2026/05/14 4:17 p.m.9 views

Arbitrary Argument Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Arbitrary Argument Injection in a push operation. A user with permission to create or modify workflows can read arbitrary files on the server by injecting CLI flags during workflow creation or...

8.3CVSS6.1AI score0.00632EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 9:0 p.m.20 views

Prototype Pollution

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Prototype Pollution in the Xml class, which implements an XML node. A user with permission to create or modify workflows can achieve remote code execution on the host system. Note: This is a bypass ...

9.9CVSS6.5AI score0.00634EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 9:0 p.m.9 views

Prototype Pollution

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Prototype Pollution via the pagination parameter in the HTTP Request node. An attacker can execute arbitrary code on the instance by achieving global prototype pollution and chaining this with other...

9.9CVSS6.6AI score0.00632EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/29 9:25 p.m.6 views

Prototype Pollution

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Prototype Pollution via the xml node. An attacker can execute arbitrary code by exploiting prototype pollution when creating or modifying workflows. Note: This is only exploitable if the attacker is...

9.9CVSS6.4AI score0.00478EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/29 9:8 p.m.6 views

SQL Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection via the Limit field in the Oracle Database node when user-controlled input is passed through expressions without proper sanitization or parameterization. An attacker can execute...

9.8CVSS6.1AI score0.00327EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 6:5 p.m.4 views

Cross-site Scripting (XSS)

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Form Trigger node. An attacker can execute arbitrary scripts in the context of users visiting a published form by injecting malicious payloads, potentially leading t...

5.4CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/03/26 4:41 p.m.1 views

Prototype Pollution

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Prototype Pollution via the GSuiteAdmin node parameter. An attacker with permissions to create or modify workflows can execute arbitrary code by supplying crafted parameters that pollute...

9.4CVSS6.7AI score0.00765EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/26 3:56 p.m.5 views

SQL Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection via the MySQL, PostgreSQL, and Microsoft SQL nodes due to improper escaping of identifier values. An attacker can execute arbitrary SQL commands by supplying specially crafted table or...

8.2CVSS6.2AI score
Exploits0References2
Snyk
Snyk
added 2026/02/25 10:28 p.m.4 views

Cross-site Scripting (XSS)

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Cross-site Scripting XSS via the workflow creation and editing process in various nodes, including Form Trigger, Chat Trigger, Send & Wait, Webhook, and Chat nodes. An attacker can execute arbitrary...

8.5CVSS5.9AI score0.00185EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/25 9:22 p.m.5 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to insufficient restrictions in the Python Code node sandbox. An attacker can access sensitive files or execute arbitra...

9.9CVSS6.3AI score0.00352EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/25 9:21 p.m.4 views

Eval Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Eval Injection. An attacker can execute arbitrary code on the host system by submitting specially crafted form data that is interpreted as an expression. Note: This is only exploitable if a workflow...

9.5CVSS6.3AI score0.01074EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/04 7:42 p.m.5 views

Protection Mechanism Failure

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Protection Mechanism Failure via the Python Code node. An attacker can execute arbitrary code outside the intended security boundary by leveraging authenticated access and enabling Task Runners with...

9.9CVSS6.8AI score0.00526EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/04 7:39 p.m.5 views

Arbitrary File Upload

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Arbitrary File Upload via the Merge node's SQL Query mode. An attacker can write arbitrary files to the server's filesystem and potentially execute remote code by crafting malicious workflows. Note:...

9.9CVSS6.5AI score0.00664EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/04 7:36 p.m.4 views

Directory Traversal

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Directory Traversal via the SSH node when workflows process uploaded files and transfer them to remote servers without validating their metadata. An attacker can write files to unintended locations ...

9CVSS6.8AI score0.01713EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/04 6:38 p.m.3 views

Command Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Command Injection via the Git node. An attacker can execute arbitrary system commands or read arbitrary files on the host by creating or modifying workflows as an authenticated user with the necessa...

9.9CVSS6.1AI score0.00568EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/07 7:22 p.m.6 views

User Impersonation

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to User Impersonation via the Stripe Trigger node that does not verify incoming webhook requests against Stripe webhook signing secret. An attacker with valid webhook URL can execute unauthorized...

6.5CVSS6.6AI score0.00432EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/07 7:20 p.m.10 views

Improper Validation of Specified Type of Input

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input that is passed to the handleFormData function. An attacker can gain unauthorized access to files on the underlying server by requests with unexpected...

10CVSS7.2AI score0.71647EPSS
Exploits18References2
Snyk
Snyk
added 2026/01/06 5:48 p.m.7 views

Arbitrary File Upload

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Arbitrary File Upload via the Git Node. An authenticated user can achieve execution of untrusted code by uploading malicious files that are subsequently executed by the service. This can lead to ful...

9.9CVSS6.3AI score0.05258EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/25 10:3 a.m.7 views

Permissive List of Allowed Inputs

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Permissive List of Allowed Inputs in the Webhook Node's IP whitelist validation due to includes method performing partial string matching instead of exact IP comparison. An attacker can gain...

6.9CVSS6.6AI score0.00253EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/08 9:30 p.m.4 views

Unsafe Dependency Resolution

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the Git node process, leading to code execution. A user can execute arbitrary system commands by setting a malicious core.hooksPath configuration and including a...

9.9CVSS7.9AI score0.00616EPSS
Exploits1References2
Rows per page
Query Builder