34 matches found
@0xlimao/n8n-nodes-ethereum (>=1.0.0 <=1.0.1), @a700/n8n-nodes-agent700 (>=1.0.5 <=1.0.7) +260 more potentially affected by CVE-2026-1470 via n8n-workflow (>=2.0.0-rc.0 <=2.4.2)
n8n-workflow NPM version =2.0.0-rc.0, =1.0.0, =1.0.5, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.2.2, =0.3.6, =0.1.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-1470 Source advisory: SNYK:JS-N8NWORKFLOW-15118125...
PT-2026-4918
n8n and Affected Versions: n8n affected versions not specified. Description: n8n is affected by a critical Remote Code Execution (RCE) issue within its workflow Expression evaluation system. An authenticated attacker can leverage this to execute arbitrary code with the privileges of the n8n process...
CVE-2026-21894 n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks
n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stri...
Arbitrary File Upload
Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Arbitrary File Upload via the Git Node. An authenticated user can achieve execution of untrusted code by uploading malicious files that are subsequently executed by the service. This can lead ...
@kimio/n8n-nodes-litellm (>=1.0.2 <=1.0.3), @klardaten/n8n-nodes-datevconnect (>=1.0.1 <=1.0.2) +29 more potentially affected by CVE-2026-21877 via n8n-workflow (>=1.0.0 <=1.118.1)
n8n-workflow NPM version =1.0.0, =1.0.2, =1.0.1, =0.13.0, =0.37.0, =0.6.0, =0.14.0, =1.7.0, =1.6.0, =1.10.0, =1.39.0, =1.1.7, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-21877 Source advisory: SNYK:JS-N8NWORKFLOW-14894273...
Exploit for CVE-2025-68613
n8n Authenticated Expression Injection RCE – CVE-2025-68613...
Exploit for CVE-2025-68613
🚀 n8n Authenticated RCE PoC Pocsuite3 CVE ID: CVE-202...
Improper Control of Dynamically-Managed Code Resources
Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the workflow expression evaluation system. An authenticated attacker can execute arbitrary code with the privileges of the underlying...
@0xlimao/n8n-nodes-ethereum (=0.1.1), @adhiraj2486/n8n-nodes-vigorus (=1.0.8) +736 more potentially affected by CVE-2025-68668 via n8n-workflow (>=1.0.0 <=2.0.0-rc.0)
n8n-workflow NPM version =1.0.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =0.2.0, =0.5.2, =1.0.1, =0.1.5, =1.0.0, =0.1.1, =0.1.4 - @arwinho/n8n-nodes-oxxa =0.1.0 and more Source cves: CVE-2025-68668 Source advisory: SNYK:JS-N8NWORKFLOW-14723277...
Remote Code Execution (RCE)
Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to insufficient isolation in the Python Code Node that uses Pyodide. An authenticated attacker with permissions to create or modify workflows can execute arbitrar...
EUVD-2025-19233
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview: n8n-workflow is a Workflow base code of n8n. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the initialMessages parameter in the LangChain Chat Trigger node. An attacker can execute arbitrary JavaScript in the browser of users who visit a crafted public...
PT-2025-33750 · N8N · N8N
Name of the Vulnerable Software and Affected Versions: n8n versions 1.77.0 through 1.98.1. Description: n8n is a workflow automation platform. A stored Cross-Site Scripting (XSS) vulnerability exists in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML vi...
CVE-2025-49592 n8n Login Flow has Open Redirect Vulnerability
n8n is a workflow automation platform. Versions prior to 1.98.0 have an Open Redirect vulnerability in the login flow. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query parameter. This may...