VYPR

N8n

by N8n Io

npm: n8n

CVEs (86)

  • CVE-2026-25056 · Feb 4, 2026
    risk 0.00 · cvss · epss 0.01

    n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem…

  • CVE-2026-25055 · Feb 4, 2026
    risk 0.00 · cvss · epss 0.02

    n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata, the vulnerability can lead to files being written to unintended…

  • CVE-2026-25054 · Feb 4, 2026
    risk 0.00 · cvss · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content.…

  • CVE-2026-25053 · Feb 4, 2026
    risk 0.00 · cvss · epss 0.01

    n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This…

  • CVE-2026-25052 · Feb 4, 2026
    risk 0.00 · cvss · epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited…

  • CVE-2026-25051 · Feb 4, 2026
    risk 0.00 · cvss · epss 0.00

    n8n is an open source workflow automation platform. Prior to version 1.123.2, a Cross-Site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy (CSP) sandbox…

  • CVE-2025-61917 · Feb 4, 2026
    risk 0.00 · cvss · epss 0.00

    n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual…

  • CVE-2026-25049 · Feb 4, 2026
    risk 0.00 · cvss · epss 0.01

    n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running…

  • CVE-2026-1470 · Jan 27, 2026
    risk 0.00 · cvss · epss 0.18

    n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the…

  • CVE-2025-68949 · Jan 13, 2026
    risk 0.00 · cvss · epss 0.00

    n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely…

  • CVE-2026-21894 · Jan 8, 2026
    risk 0.00 · cvss · epss 0.00

    n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates…

  • CVE-2026-21877 · Jan 8, 2026
    risk 0.00 · cvss · epss 0.05

    n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is…

  • CVE-2026-21858 · Jan 7, 2026
    risk 0.00 · cvss · epss 0.72

    n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated…

  • CVE-2025-68697 · Dec 26, 2025
    risk 0.00 · cvss · epss 0.00

    n8n is an open source workflow automation platform. Prior to version 2.0.0, in self-hosted n8n instances where the Code node runs in legacy (non-task-runner) JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from…

  • CVE-2025-68668 · Dec 26, 2025
    risk 0.00 · cvss · epss 0.13

    n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute…

  • CVE-2025-61914 · Dec 26, 2025
    risk 0.00 · cvss · epss 0.00

    n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting (XSS) vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may…

  • CVE-2025-65964 · Dec 8, 2025
    risk 0.00 · cvss · epss 0.01

    n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including…

  • CVE-2025-62726 · Oct 30, 2025
    risk 0.00 · cvss · epss 0.01

    n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook,…

  • CVE-2025-58177 · Sep 15, 2025
    risk 0.00 · cvss · epss 0.00

    n8n is an open source workflow automation platform. From 1.24.0 to before 1.107.0, there is a stored cross-site scripting (XSS) vulnerability in @n8n/n8n-nodes-langchain.chatTrigger. An authorized user can configure the LangChain Chat Trigger node with malicious JavaScript in…

  • CVE-2025-55526 · Aug 26, 2025
    risk 0.00 · cvss · epss 0.01

    n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the download_workflow function within api_server.py
