N8n
by N8n Io
Source repositories
CVEs (86)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-57749 | 0.00 | — | 0.00 | Aug 20, 2025 | n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks).… | |||
| CVE-2025-52478 | 0.00 | — | 0.00 | Aug 19, 2025 | n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a… | |||
| CVE-2025-52554 | 0.00 | — | 0.00 | Jul 3, 2025 | n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading… | |||
| CVE-2025-49595 | 0.00 | — | 0.00 | Jul 3, 2025 | n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of Service vulnerability in /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability… | |||
| CVE-2025-49592 | 0.00 | — | 0.00 | Jun 26, 2025 | n8n is a workflow automation platform. Versions prior to 1.98.0 have an Open Redirect vulnerability in the login flow. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query… | |||
| CVE-2025-46343 | 0.00 | — | 0.00 | Apr 29, 2025 | n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no… |
- CVE-2025-57749Aug 20, 2025risk 0.00cvss —epss 0.00
n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks).…
- CVE-2025-52478Aug 19, 2025risk 0.00cvss —epss 0.00
n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a…
- CVE-2025-52554Jul 3, 2025risk 0.00cvss —epss 0.00
n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading…
- CVE-2025-49595Jul 3, 2025risk 0.00cvss —epss 0.00
n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of Service vulnerability in /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated attackers to cause service unavailability…
- CVE-2025-49592Jun 26, 2025risk 0.00cvss —epss 0.00
n8n is a workflow automation platform. Versions prior to 1.98.0 have an Open Redirect vulnerability in the login flow. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query…
- CVE-2025-46343Apr 29, 2025risk 0.00cvss —epss 0.00
n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and serve binary files, which are accessible to authenticated users. However, there is no…
Page 5 of 5