
17 matches found

Veracode
added 2026/01/12 8:53 a.m. · 3 views

Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution. The vulnerability is due to unsafe execution of Git pre-commit hooks, where cloning a repository containing a malicious hook and later performing a commit via the Git Node can trigger arbitrary command execution within the n8n environment...

8.8 CVSS · 7.7 AI score · 0.00161 EPSS
Exploits 3 · References 3 · Affected Software 3
NVD
added 2025/12/09 12:15 a.m. · 2 views

CVE-2025-65964

n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can poi...

9.4 CVSS · 0.00033 EPSS
Exploits 1 · References 4
CNNVD
added 2025/12/09 12:0 a.m. · 1 views

n8n Security Vulnerability

n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in n8n versions 0.123.1 through 1.119.1, which stems from a lack of adequate protection for project pre-commit hooks and could lead to remote code execution...

9.4 CVSS · 7.5 AI score · 0.00033 EPSS
Exploits 1 · References 5
Vulnrichment
added 2025/12/08 11:35 p.m. · 1 views

CVE-2025-65964 n8n Vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook

n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can poi...

9.4 CVSS · 6.7 AI score · 0.00033 EPSS
Exploits 1 · References 4
OSV
added 2025/12/08 11:35 p.m. · 1 views

CVE-2025-65964 n8n Vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook

n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can poi...

9.4 CVSS · 6.9 AI score · 0.00033 EPSS
Exploits 1 · References 6
Positive Technologies
added 2025/12/08 12:0 a.m. · 2 views

PT-2025-49610

Name of the Vulnerable Software and Affected Versions: n8n versions 0.123.1 through 1.119.1. Description: n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 lack sufficient protections against Remote Code Execution (RCE) through the project's pre-commit hooks. The Add...

9.4 CVSS · 7.5 AI score · 0.00033 EPSS
Exploits 1 · References 19
GithubExploit
added 2025/11/24 3:57 p.m. · 209 views

Exploit for CVE-2025-62726

CVE-2025-62726 POC - n8n Git Node RCE Educational Purpose...

8.8 CVSS · 7.4 AI score · 0.00161 EPSS
Exploits 3
Snyk
added 2025/10/30 5:4 p.m. · 2 views

Unsafe Dependency Resolution

Amendment: This issue was found to be a duplicate. The original vulnerability with details can be found here. Credit: Assaf Levkovich...

8.8 CVSS · 7.7 AI score · 0.00161 EPSS
Exploits 3 · References 2
OSV
added 2025/10/30 5:4 p.m. · 3 views

GHSA-XGP7-7QJQ-VG47 n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

Impact: A remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigg...

8.8 CVSS · 8.4 AI score · 0.00161 EPSS
Exploits 3 · References 5
Github Security Blog
added 2025/10/30 5:4 p.m. · 11 views

n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

Impact: A remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigg...

8.8 CVSS · 8.4 AI score · 0.00161 EPSS
Exploits 3 · References 5 · Affected Software 1
CVE
added 2025/10/30 4:24 p.m. · 21 views

CVE-2025-62726

The CVE-2025-62726 entry concerns n8n (Cloud and Self-Hosted) with a remote code execution vulnerability in the Git Node prior to 1.113.0. When cloning a remote repository containing a pre-commit hook, a subsequent Commit operation can trigger the hook, allowing arbitrary code execution in the n8...

8.8 CVSS · 8.4 AI score · 0.00161 EPSS
Exploits 3 · References 3 · Affected Software 1
CNNVD
added 2025/10/30 12:0 a.m. · 5 views

n8n Security Vulnerability

n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in versions prior to n8n 1.113.0 that originates when the Git Node component triggers execution when cloning remote repositories containing pre-commit hooks, which could lead to remote code execution...

8.8 CVSS · 7.6 AI score · 0.00161 EPSS
Exploits 3 · References 3
CVE
added 2024/11/29 6:39 p.m. · 65 views

CVE-2024-53848

The CVE-2024-53848 issue affects the check-jsonschema tool (and related advisories) where the default caching uses the remote schema basename (e.g., https://example.org/schema.json) as the cache filename. This can allow a malicious schema URL to overwrite or be substituted in the cache leading to...

7.1 CVSS · 6.9 AI score · 0.0004 EPSS
Exploits 0 · References 2
Kitploit
added 2022/02/11 11:30 a.m. · 18 views

TerraGoat - Vulnerable Terraform Infrastructure

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments. Introduction: TerraGoat was built to enable DevSecOps design and implement a...

7.2 AI score
Exploits 0 · References 6
Positive Technologies
added 2022/02/11 12:0 a.m. · 8 views

PT-2022-6487 · Git +2

Name of the Vulnerable Software and Affected Versions: Git versions through 2.35.1 Description: The issue is related to the disclosure of information in the error data area of the distributed version control system Git. This could present a security risk if information-disclosure auditing process...

9 CVSS · 7.7 AI score · 0.82951 EPSS
Exploits 33 · References 45
Kitploit
added 2020/03/14 12:30 p.m. · 124 views

Zelos - A Comprehensive Binary Emulation Platform

Zelos (Zeropoint Emulated Lightweight Operating System) is a Python-based binary emulation platform. One use of zelos is to quickly assess the dynamic behavior of binaries via command-line or Python scripts. All syscalls are emulated to isolate the target binary. Linux x86_64 32- and 64-bit, AR...

7.3 AI score
Exploits 0 · References 2
Kitploit
added 2019/01/28 12:45 p.m. · 180 views

Scanner-Cli - A Project Security/Vulnerability/Risk Scanning Tool

The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Running and configuring the scanner: The Hawkeye scanner-cli assumes that your directory structure is such that it keeps the...

7.6 AI score
Exploits 0 · References 6