Package impact

npm / n8n

CVE Severity CVSS Risk Published Description Impact
CVE-2026-42233 critical 9.8 9.8 23d ago n8n has SQL Injection in Oracle Database Node via Limit Field npm
CVE-2026-42235 critical 9.6 9.6 23d ago n8n Vulnerable to XSS via MCP OAuth client npm
CVE-2026-44791 critical 9.5 13d ago n8n Has an XML Node Prototype Pollution Patch Bypass npm
CVE-2026-44790 critical 9.5 13d ago n8n Has an Arbitrary File Read via Git Node npm
CVE-2026-44789 critical 9.5 13d ago n8n: HTTP Request Node Pagination Prototype Pollution to RCE npm
CVE-2026-42237 high 8.8 8.8 23d ago n8n has SQL Injection in Snowflake and MySQL Nodes npm
CVE-2026-42234 high 8.8 8.8 23d ago n8n has a Python Task Runner Sandbox Escape Vulnerability npm
CVE-2026-42232 high 8.8 8.8 23d ago n8n has XML Node Prototype Pollution that Leads to RCE npm
CVE-2026-42231 high 8.8 8.8 23d ago n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE npm
CVE-2026-42229 high 8.8 8.8 23d ago n8n has SQL Injection in SeaTable Node npm
CVE-2026-45732 high 8.0 13d ago n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints npm
CVE-2026-44792 high 8.0 13d ago n8n Has a Source Control Pull SQL Injection npm
CVE-2026-42236 high 7.5 7.5 23d ago n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration npm
CVE-2026-42226 high 7.5 7.5 23d ago n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay npm
CVE-2026-42228 medium 6.5 6.5 23d ago n8n Vulnerable to Hijacking of Unauthenticated Chat Execution npm
CVE-2026-42227 medium 6.5 6.5 23d ago n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure npm
CVE-2026-42230 medium 6.1 6.1 23d ago n8n has Open Redirect in MCP OAuth Consent Flow npm
CVE-2025-68613 unknown 1.5 5mo ago n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution. npm
CVE-2026-33751 unknown 2mo ago n8n Vulnerable to LDAP Filter Injection in LDAP Node npm
CVE-2026-33749 unknown 2mo ago n8n Vulnerable to XSS via Binary Data Inline HTML Rendering npm
CVE-2026-33713 unknown 2mo ago n8n has SQL Injection in Data Table Node via orderByColumn Expression npm
CVE-2026-33696 unknown 2mo ago n8n: Prototype Pollution in XML and GSuiteAdmin node parameters lead to RCE npm
CVE-2026-33724 unknown 2mo ago n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no npm
CVE-2026-33722 unknown 2mo ago n8n Has External Secrets Authorization Bypass in Credential Saving npm
CVE-2026-33720 unknown 2mo ago n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK npm
CVE-2026-33665 unknown 2mo ago n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover npm
CVE-2026-33663 unknown 2mo ago n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition npm
CVE-2026-33660 unknown 2mo ago n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode npm
CVE-2026-27496 unknown 2mo ago n8n has In-Process Memory Disclosure in its Task Runner npm
CVE-2026-27578 unknown 3mo ago n8n Vulnerable to Stored XSS via Various Nodes npm
CVE-2026-27577 unknown 3mo ago n8n: Expression Sandbox Escape Leads to RCE npm
CVE-2026-27498 unknown 3mo ago n8n has Arbitrary Command Execution via File Write and Git Operations npm
CVE-2026-27497 unknown 3mo ago n8n has Potential Remote Code Execution via Merge Node npm
CVE-2026-27495 unknown 3mo ago n8n has a Sandbox Escape in its JavaScript Task Runner npm
CVE-2026-27494 unknown 3mo ago n8n has Arbitrary File Read via Python Code Node Sandbox Escape npm
CVE-2026-27493 unknown 3mo ago n8n has Unauthenticated Expression Evaluation via Form Node npm
CVE-2026-25631 unknown 4mo ago n8n's domain allowlist bypass enables credential exfiltration npm
CVE-2026-25115 unknown 4mo ago n8n has a Python sandbox escape npm
CVE-2026-25056 unknown 4mo ago n8n Merge Node has Arbitrary File Write leading to RCE npm
CVE-2026-25055 unknown 4mo ago n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node npm
CVE-2026-25054 unknown 4mo ago n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI npm
CVE-2026-25053 unknown 4mo ago n8n has OS Command Injection in Git Node npm
CVE-2026-25052 unknown 4mo ago n8n's Improper File Access Controls Allow Arbitrary File Read by Authenticated Users npm
CVE-2026-25051 unknown 4mo ago n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS npm
CVE-2026-25049 unknown 4mo ago n8n Has Expression Escape Vulnerability Leading to RCE npm
CVE-2026-21893 unknown 4mo ago n8n Vulnerable to Command Injection in Community Package Installation npm
CVE-2025-61917 unknown 4mo ago n8n's Unsafe Buffer Allocation Allows In-Process Memory Disclosure in Task Runner npm
CVE-2026-1470 unknown 4mo ago n8n Unsafe Workflow Expression Evaluation Allows Remote Code Execution npm
CVE-2025-68949 unknown 4mo ago n8n: Webhook Node IP Whitelist Bypass via Partial String Matching npm
CVE-2026-21894 unknown 5mo ago n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks npm
CVE-2026-21858 unknown 5mo ago n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling npm
CVE-2026-21877 unknown 5mo ago n8n Vulnerable to RCE via Arbitrary File Write npm
CVE-2025-68697 unknown 5mo ago Self-hosted n8n has Legacy Code node that enables arbitrary file read/write npm
CVE-2025-68668 unknown 5mo ago n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node npm
CVE-2025-61914 unknown 5mo ago n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox npm
CVE-2025-65964 unknown 6mo ago n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook npm
CVE-2025-62726 unknown 7mo ago n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook npm
CVE-2025-58177 unknown 8mo ago Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter npm
CVE-2025-57749 unknown 9mo ago n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files npm
CVE-2025-52478 unknown 9mo ago Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source npm
CVE-2025-52554 unknown 11mo ago n8n is vulnerable to Improper Authorization through its `/stop` endpoint npm
CVE-2025-49595 unknown 11mo ago n8n Vulnerable to Denial of Service via Malformed Binary Data Requests npm
CVE-2025-49592 unknown 11mo ago n8n allows open redirects via the /signin endpoint npm
CVE-2025-46343 unknown 1y ago n8n Vulnerable to Stored XSS through Attachments View Endpoint npm
CVE-2023-27564 unknown 3y ago n8n Information Disclosure vulnerability npm
CVE-2023-27562 unknown 3y ago n8n Directory Traversal vulnerability npm
CVE-2023-27563 unknown 3y ago n8n Privilege Escalation vulnerability npm