ROOT-APP-NPM-CVE-2025-68613 CVE-2025-68613 in @rootio/n8n - Patched by Root

Root has patched CVE-2025-68613 in the @rootio/n8n package for Root:npm. Multiple fixed versions available...

NPM: n8n: HTTP Request Node Pagination Prototype Pollution to RCE

NPM: n8n: HTTP Request Node Pagination Prototype Pollution to RCE vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

n8n Node.js Package < 1.122.5 / 1.123.x < 1.123.2 Stored XSS (CVE-2026-25051)

The version of the n8n Node.js Package installed on the remote host is prior to 1.122.5, or 1.123.x prior to 1.123.2. It is, therefore, affected by a stored cross-site scripting vulnerability: - A cross-site scripting XSS vulnerability has been identified in the handling of webhook responses and...

n8n Node.js Package < 1.123.10 / 2.x < 2.5.0 OS Command Injection (CVE-2026-25053)

The version of the n8n Node.js Package installed on the remote host is prior to 1.123.10, or 2.x prior to 2.5.0. It is, therefore, affected by a command injection vulnerability: - Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute...

n8n Node.js Package >= 1.65.0 < 1.114.3 Unsafe Buffer Allocation Memory Disclosure (CVE-2025-61917)

The version of the n8n Node.js Package installed on the remote host is = 1.65.0 and prior to 1.114.3. It is, therefore, affected by an information disclosure vulnerability: - The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allows untrusted code to allocate uninitialize...

n8n Node.js Package >= 0.187.0 < 1.120.3 Command Injection (CVE-2026-21893)

The version of the n8n Node.js Package installed on the remote host is = 0.187.0 and prior to 1.120.3. It is, therefore, affected by a command injection vulnerability: - A command injection vulnerability was identified in n8n's community package installation functionality. The issue allows...

n8n Node.js Package < 1.123.12 / 2.x < 2.4.0 Arbitrary File Write via SSH Node (CVE-2026-25055)

The version of the n8n Node.js Package installed on the remote host is prior to 1.123.12, or 2.x prior to 2.4.0. It is, therefore, affected by an arbitrary file write vulnerability: - When workflows process uploaded files and transfer them to remote servers via the SSH node without validating the...

n8n Node.js Package < 1.121.3 RCE (CVE-2026-21877)

The version of the n8n Node.js Package installed on the remote host is prior to 1.121.3. It is, therefore, affected by a remote code execution vis expression injection vulnerability: - Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n...

Malicious code in n8n-nodes-hfgjf-irtuinvcm-lasdqewriit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4dabf38b16acea59219df3a3f57a396f3ebe958985096579cd43c419609b764 The package n8n-nodes-hfgjf-irtuinvcm-lasdqewriit was found to contain malicious code. Source: ghsa-malware...

EUVD-2023-1511

Malicious code in bioql PyPI...

EUVD-2023-1620

Malicious code in bioql PyPI...

EUVD-2023-1590

Malicious code in bioql PyPI...

CVE-2023-27564

The n8n package 0.218.0 for Node.js allows Information Disclosure...

CVE-2023-27562

The n8n package 0.218.0 for Node.js allows Directory Traversal...

CVE-2023-27563

The n8n package 0.218.0 for Node.js allows Escalation of Privileges...

n8n Information Disclosure vulnerability

The n8n package prior to 0.216.1 for Node.js allows Information Disclosure...

GHSA-P58X-7733-VP9M n8n Directory Traversal vulnerability

The n8n package prior to version 0.216.1 for Node.js allows Directory Traversal...

CVE-2023-27564

The n8n package 0.218.0 for Node.js allows Information Disclosure...

CVE-2023-27563

The n8n package 0.218.0 for Node.js allows Escalation of Privileges...

CVE-2023-27564

The n8n package 0.218.0 for Node.js allows Information Disclosure...