npm package
n8n
pkg:npm/n8n
Vulnerabilities (67)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-52554 | — | | | < 1.99.1 | 1.99.1 | Jul 3, 2025 | n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading |
| CVE-2025-49595 | — | | | < 1.99.0 | 1.99.0 | Jul 3, 2025 | n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of Service vulnerability in /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability |
| CVE-2025-49592 | — | | | < 1.98.0 | 1.98.0 | Jun 26, 2025 | n8n is a workflow automation platform. Versions prior to 1.98.0 have an Open Redirect vulnerability in the login flow. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query par |
| CVE-2025-46343 | — | | | < 1.90.0 | 1.90.0 | Apr 29, 2025 | n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no restrict |
| CVE-2023-27564 | — | | | < 0.216.1 | 0.216.1 | May 10, 2023 | The n8n package 0.218.0 for Node.js allows Information Disclosure. |
| CVE-2023-27563 | — | | | < 0.216.1 | 0.216.1 | May 10, 2023 | The n8n package 0.218.0 for Node.js allows Escalation of Privileges. |
| CVE-2023-27562 | — | | | < 0.216.1 | 0.216.1 | May 10, 2023 | The n8n package 0.218.0 for Node.js allows Directory Traversal. |