Lucene search
K

34 matches found

OSV
OSV
added 2 days ago7 views

ROOT-APP-NPM-CVE-2026-54312 CVE-2026-54312 in @rootio/n8n - Patched by Root

Root has patched CVE-2026-54312 in the @rootio/n8n package for Root:npm. Multiple fixed versions available...

8.5CVSS5.3AI score0.00294EPSS
Exploits0
Snyk
Snyk
added 2026/06/23 7:20 p.m.12 views

Cross-site Scripting (XSS)

Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the webhookId parameter in the Chat Trigger node. An attacker can execute arbitrary JavaScript in the context of another user's session by injecting malicious code, which is the...

7CVSS5.9AI score0.0021EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

n8n Node.js Package < 1.123.48 / 2.x < 2.21.8 / 2.22.x < 2.22.4 Sandbox Escape (CVE-2026-49444)

The version of the n8n Node.js Package installed on the remote host is prior to 1.123.48, or 2.x prior to 2.21.8, or 2.22.x prior to 2.22.4. It is, therefore, affected by a sandbox escape vulnerability: - A vulnerability in the Python sandbox allows authenticated users to escape the sandbox and...

8.5CVSS6.2AI score0.00356EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/16 7:0 p.m.4 views

NPM: n8n: Same-Origin XSS in Respond to Webhook Node

NPM: n8n: Same-Origin XSS in Respond to Webhook Node vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...

7CVSS5.8AI score0.00216EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/09 2:19 p.m.6 views

ROOT-APP-NPM-CVE-2025-68613 CVE-2025-68613 in @rootio/n8n - Patched by Root

Root has patched CVE-2025-68613 in the @rootio/n8n package for Root:npm. Multiple fixed versions available...

9.9CVSS5.4AI score0.97875EPSS
Exploits29
Patchstack
Patchstack
added 2026/05/14 4:17 p.m.9 views

NPM: n8n: HTTP Request Node Pagination Prototype Pollution to RCE

NPM: n8n: HTTP Request Node Pagination Prototype Pollution to RCE vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

6AI score0.00632EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.3 views

n8n Node.js Package < 1.123.10 / 2.x < 2.5.0 OS Command Injection (CVE-2026-25053)

The version of the n8n Node.js Package installed on the remote host is prior to 1.123.10, or 2.x prior to 2.5.0. It is, therefore, affected by a command injection vulnerability: - Vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute...

9.9CVSS6.2AI score0.00568EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.1 views

n8n Node.js Package >= 0.187.0 < 1.120.3 Command Injection (CVE-2026-21893)

The version of the n8n Node.js Package installed on the remote host is = 0.187.0 and prior to 1.120.3. It is, therefore, affected by a command injection vulnerability: - A command injection vulnerability was identified in n8n's community package installation functionality. The issue allows...

9.4CVSS6.5AI score0.01343EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.5 views

n8n Node.js Package < 1.123.12 / 2.x < 2.4.0 Arbitrary File Write via SSH Node (CVE-2026-25055)

The version of the n8n Node.js Package installed on the remote host is prior to 1.123.12, or 2.x prior to 2.4.0. It is, therefore, affected by an arbitrary file write vulnerability: - When workflows process uploaded files and transfer them to remote servers via the SSH node without validating the...

8.1CVSS6.3AI score0.01713EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.3 views

n8n Node.js Package < 1.122.5 / 1.123.x < 1.123.2 Stored XSS (CVE-2026-25051)

The version of the n8n Node.js Package installed on the remote host is prior to 1.122.5, or 1.123.x prior to 1.123.2. It is, therefore, affected by a stored cross-site scripting vulnerability: - A cross-site scripting XSS vulnerability has been identified in the handling of webhook responses and...

8.5CVSS5.8AI score0.00224EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.5 views

n8n Node.js Package >= 1.65.0 < 1.114.3 Unsafe Buffer Allocation Memory Disclosure (CVE-2025-61917)

The version of the n8n Node.js Package installed on the remote host is = 1.65.0 and prior to 1.114.3. It is, therefore, affected by an information disclosure vulnerability: - The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allows untrusted code to allocate uninitialize...

7.7CVSS6AI score0.00364EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/12 12:0 a.m.4 views

n8n Node.js Package < 1.121.3 RCE (CVE-2026-21877)

The version of the n8n Node.js Package installed on the remote host is prior to 1.121.3. It is, therefore, affected by a remote code execution vis expression injection vulnerability: - Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n...

9.9CVSS6.8AI score0.05258EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/09 3:4 a.m.14 views

Malicious code in n8n-nodes-hfgjf-irtuinvcm-lasdqewriit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4dabf38b16acea59219df3a3f57a396f3ebe958985096579cd43c419609b764 The package n8n-nodes-hfgjf-irtuinvcm-lasdqewriit was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1511

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01222EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1620

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01214EPSS
Exploits2References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.14 views

EUVD-2023-1590

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.02316EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2025/05/23 3:32 a.m.7 views

CVE-2023-27564

The n8n package 0.218.0 for Node.js allows Information Disclosure...

7.5CVSS6.8AI score0.01214EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:32 a.m.12 views

CVE-2023-27562

The n8n package 0.218.0 for Node.js allows Directory Traversal...

6.5CVSS6.9AI score0.02316EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:32 a.m.9 views

CVE-2023-27563

The n8n package 0.218.0 for Node.js allows Escalation of Privileges...

8.8CVSS6.9AI score0.01222EPSS
Exploits1References1
OSV
OSV
added 2023/05/10 3:30 p.m.46 views

GHSA-P58X-7733-VP9M n8n Directory Traversal vulnerability

The n8n package prior to version 0.216.1 for Node.js allows Directory Traversal...

6.5CVSS6.4AI score0.02316EPSS
Exploits1References9
Rows per page
Query Builder