Lucene search
K
GithubRecent

33225 matches found

Github Security Blog
Github Security Blog
added 2026/06/16 9:31 p.m.9 views

Duplicate Advisory: Hostname checks could treat trailing-dot hosts inconsistently

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gxg4-2rrr-jhc7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist...

6.5CVSS5.2AI score0.0021EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:31 p.m.11 views

Duplicate Advisory: Linux and macOS exec allowlists skipped configured argument patterns

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v2ww-5rh7-2h5v. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers ...

8.3CVSS5.5AI score0.00347EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:31 p.m.8 views

Duplicate Advisory: Shell positional parameters could weaken strict inline-eval checks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5cj2-3jr2-5h77. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken stri...

8.1CVSS5.5AI score0.0026EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:31 p.m.9 views

Duplicate Advisory: Active Memory write scope could mutate global config

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-x629-46cc-7xgw. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows...

5.4CVSS5.2AI score0.00176EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:31 p.m.11 views

Duplicate Advisory: Workspace .env npm_execpath could influence bundled runtime dependency install

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-24vr-rprv-67rf. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env...

7.1CVSS5.3AI score0.00118EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:31 p.m.7 views

Duplicate Advisory: Skill-command dispatch could skip before-tool-call hooks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-68xw-r643-9p5w. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispat...

4.3CVSS5.3AI score0.00185EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:31 p.m.8 views

Duplicate Advisory: Slack reaction events could ignore reaction notification settings

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fcvx-5cxc-v5p8. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the...

6.3CVSS5.2AI score0.00191EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:31 p.m.8 views

Duplicate Advisory: Focus command could miss controlScope enforcement

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mpc8-jxjh-qpgh. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows...

6.8CVSS5.4AI score0.00093EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:31 p.m.8 views

Duplicate Advisory: Discord allowFrom could bind to mutable display names

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cw4q-gqg5-g38h. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validat...

8.6CVSS5.2AI score0.00267EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:31 p.m.16 views

Duplicate Advisory: Exec allowlist could miss side effects from transparent command wrappers

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cwpp-5962-q4f6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute...

4.3CVSS5.4AI score0.00185EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:31 p.m.7 views

Duplicate Advisory: Pairing-scoped device session could restore revoked node token authority

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-q99w-vh6v-q3v7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device...

8.8CVSS5.2AI score0.00275EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:31 p.m.8 views

Duplicate Advisory: memory-wiki shared search could miss session visibility checks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-72fw-cqh5-f324. This link is maintained to preserve external references. Original DescriptionOpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows...

6.5CVSS5.2AI score0.0021EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:31 p.m.8 views

Duplicate Advisory: Exported session HTML could keep unsafe markdown links

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w9hf-3pp7-pvxv. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsaf...

6.1CVSS5AI score0.00188EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:31 p.m.7 views

Duplicate Advisory: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fq9j-vw4w-fr6v. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to...

7.1CVSS5.8AI score0.00133EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:31 p.m.10 views

Duplicate Advisory: MCP Streamable HTTP redirects could forward configured custom headers to another origin

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rjxq-qqhf-8hwh. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwar...

7.1CVSS5.2AI score0.00223EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:30 p.m.8 views

Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles

Summary Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the target role by its identifier alone, without verifying the role belonged to that organization. An authenticated user who ow...

7.7CVSS5.3AI score0.00186EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:28 p.m.7 views

Caddy: stripHTML template function bypass

Summary Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous content in the output if it is later rendered as HTML. This may allow...

4.2CVSS5.4AI score0.00153EPSS
Exploits1References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/16 9:28 p.m.8 views

Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`

Summary forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers into CGI variables by replacing - with . This lets a client send an underscor...

8.1CVSS5.5AI score0.00246EPSS
Exploits1References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/16 9:28 p.m.10 views

Caddy: Windows `file_server` path authorization bypass via encoded backslash

Summary On Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can request /private%5csecret.txt and bypass Caddy path-scoped auth/deny routes protecting...

8.2CVSS5.3AI score0.00409EPSS
Exploits2References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/16 9:13 p.m.10 views

yt-dlp: Arbitrary code execution via manifest downloads with aria2c

Summary If aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On Windows platforms, this can lead to immediate arbitrary code...

9.6CVSS6.2AI score0.00406EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:5 p.m.8 views

Daytona: Public sandbox previews remain accessible for up to one hour after being made private

Summary Sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed. Impact When a sandbox owner changed a preview from...

7CVSS5.8AI score0.00249EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:4 p.m.10 views

Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts

Summary There is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake selects the applicable TLS configuration through an exact,...

10CVSS5.7AI score0.0024EPSS
Exploits1References3Affected Software3
Github Security Blog
Github Security Blog
added 2026/06/16 9:2 p.m.8 views

Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check

Summary The Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and cloud-metadata endpoints, while usin...

8.6CVSS5.5AI score0.00289EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:2 p.m.10 views

Crawl4AI: Arbitrary file write (symlink/TOCTOU) plus log and webhook-header injection in Docker server

Summary Three backward-compatible hardening fixes in the Docker API server. The headline issue is an arbitrary file write via the screenshot/PDF outputpath. 1. Arbitrary file write via outputpath symlink / TOCTOU primary POST /screenshot and POST /pdf accept an outputpath constrained to...

5.6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:0 p.m.8 views

Crawl4AI: LLM credential exfiltration in Docker server via request base_url and env: token resolution

Summary The Docker API server let a request control where LLM calls were sent and which environment variable an LLM token resolved from. Both could be abused to exfiltrate server-held secrets. The Docker API is unauthenticated by default. Vector 1 - attacker baseurl /md, /llm, and /llm/job accept...

5.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 9:0 p.m.10 views

Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)

Summary The Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints e.g. 169.254.169.254 despite...

7.5CVSS5.5AI score0.00267EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 8:59 p.m.16 views

yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)

Summary A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. Details The fix for CVE-2024-38519 enforced an allowlist for file extensions, in orde...

9.6CVSS5.7AI score0.00555EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 8:16 p.m.9 views

yt-dlp: File Downloader cookie leak with curl

Summary If curl is used an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. This is the equivalent to GHSA-v8mc-9377-rwjj for the curl downloader. The vulnerable behavior is...

7.4CVSS5.3AI score0.00268EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 8:15 p.m.21 views

LobeHub: Unauthenticated SSRF in `/webapi/proxy`

Unauthenticated SSRF in /webapi/proxy allows anyone to proxy requests and inject cookies on lobehub.com Summary The /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. This is the same proxy code that was vulnerable in...

9CVSS8.4AI score0.52683EPSS
Exploits2References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 8:13 p.m.26 views

Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution

Summary Multiple security vulnerabilities in the Crawl4AI Docker API server affecting endpoints for crawling, markdown/LLM extraction, screenshots, PDFs, webhooks, monitoring, JavaScript execution, and configuration. Vulnerabilities 1. Arbitrary File Write via /screenshot and /pdf CWE-22, CVSS 9....

9.2CVSS5.8AI score0.00276EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 8:13 p.m.19 views

Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API

Summary The safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT start with underscore, enabling a complete sandbox escape to achieve...

10CVSS6.7AI score0.0045EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 8:12 p.m.9 views

Hugo: Symlink confinement bypass in resources.Get

Commit: f8b5fa09a6 — Fix prevention of direct symlink reads in resources.Get Affected versions: v0.123.0 through v0.161.1. Earlier versions are not affected. Fixed in: v0.162.0. Severity: Medium. Requires the attacker to be able to place or convince a site author to place a symlink inside a mount...

6.9CVSS5.6AI score0.00275EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:22 p.m.19 views

Hugo: security.http.urls allow-list bypass via HTTP redirects

Commit: 86fbb0f7a8 — security: Validate redirects against security.http.urls Affected versions: v0.91.0 when security.http.urls was introduced through v0.161.1. Fixed in: v0.162.0. Severity: Only relevant for sites that rely on security.http.urls as a trust boundary — e.g. CI builds that fetch...

6.3CVSS5.5AI score0.00249EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:22 p.m.7 views

Hugo: XSS via text/html content files

Commit: e41a06447d — Disallow HTML content by default Affected versions: all Hugo versions prior to v0.162.0. Fixed in: v0.162.0. Severity: Low to Medium, depending on threat model. Not an issue if you fully trust every file under /content and every content adapter you load. Description. Hugo...

6.1CVSS5.1AI score0.00187EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:11 p.m.8 views

Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)

Summary Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done at the raw-byte level while the APFS filesystem treats different...

8.4CVSS5.8AI score0.00144EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:11 p.m.11 views

Deno: BYONM module resolution allows `package.json` main path traversal to bypass `--allow-read` restrictions

Summary When Deno was run in BYONM mode nodeModulesDir: "manual", the module resolver did not validate that a package's resolved entrypoint stayed within its nodemodules// directory. A malicious package.json whose main field contained .. segments was able to resolve to an arbitrary path on disk,...

5.5CVSS5.8AI score0.00135EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:9 p.m.9 views

Deno: Node TCPWrap numeric hostname aliases bypass --deny-net resolved-IP deny checks

Summary Deno's network permission model is designed so that --deny-net rules apply to the resolved IP address of a destination, not just the literal string supplied by the caller. That means --deny-net=127.0.0.1 or --deny-net=127.0.0.0/8 is expected to block any attempt to reach loopback,...

6.5CVSS5.5AI score0.00111EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:8 p.m.9 views

Deno: Miller-Rabin Primality Test Allows Zero Rounds

Summary node:crypto.checkPrimecandidate, options, callback and crypto.checkPrimeSynccandidate, options ran no Miller-Rabin rounds at all when the caller left options.checks at its default of 0. In that mode, the only test applied to the candidate was trial division by the primes up to 17,863. Any...

7.4CVSS5.4AI score0.00149EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:7 p.m.14 views

Deno: Command Injection via spawnSync & spawn on Windows

Summary Deno's node:childprocess implementation provided an escapeShellArg helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.exe metacharacters such as &, |, , ^, !, , , and did not neutralize %...

9.8CVSS5.8AI score0.02213EPSS
Exploits2References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:4 p.m.9 views

Deno: process.loadEnvFile() bypasses env permission checks and mutates process.env with only read access

Summary In Deno, environment access is gated by the env permission. You can deny it with --deny-env, or restrict it to a specific allowlist with --allow-env=FOO,BAR. The expectation is that a program running without env permission cannot change process.env. process.loadEnvFile the Node-compatible...

5.2CVSS5.4AI score0.00098EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:4 p.m.27 views

Deno: WebSocket API sandbox bypass via missing post-DNS check

Summary When a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name that passes the hostname check yet resolves to a...

5.2CVSS5.4AI score0.00101EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:2 p.m.8 views

Deno: `fetch()` API sandbox bypass via missing DNS resolution check

Summary When fetch was called, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name that passes the hostname check yet resolves to a denied IP,...

5.2CVSS5.4AI score0.00101EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:2 p.m.76 views

Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass

Summary There is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard host rule such as Host.example.com with stricter TLS options for...

10CVSS5.1AI score0.00245EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:1 p.m.8 views

n8n: Merge Node SQL Mode Prototype Pollution

Impact An authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions on the instance, prototype mutations introduced by one user's workflow...

7.7CVSS5.8AI score0.00316EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:0 p.m.8 views

n8n: Prototype Pollution enables confused-deputy execution via public webhooks

Impact A prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal values by downstream built-in nodes. Where a workflow combines a public...

6.4CVSS5.4AI score0.00259EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:0 p.m.8 views

n8n: Same-Origin XSS in Respond to Webhook Node

Impact An authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central Content-Security-Policy sandbox header, allowing a public webhook to execute JavaScript ...

7CVSS5.6AI score0.00216EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:0 p.m.8 views

n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes

Impact The MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to execute with attacker-controlled data. Patches The issue has been fixed in...

7.2CVSS5.6AI score0.00276EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 6:59 p.m.17 views

n8n: Wrong OAuth Scope On Evaluations Test Run Creation Endpoint

Impact The POST /workflows/workflowId/test-runs/new endpoint authorized access using workflow:read rather than workflow:execute. An authenticated user with read-only access to a workflow could trigger a real evaluation test run, causing the workflow to execute via the internal workflow runner. Th...

5.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 6:59 p.m.19 views

n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

Impact An authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing unintended documents to be matched and overwritten with...

7.7CVSS5.3AI score0.0026EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 5:51 p.m.8 views

n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes

Impact An authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the connected database within the privileges of the configured database...

9.9CVSS5.7AI score0.00394EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities33225