n8n vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-44790 | Critical | n8n: n8n Has an Arbitrary File Read via Git Node |
| CVE-2026-44789 | Critical | n8n: n8n: HTTP Request Node Pagination Prototype Pollution to RCE |
| CVE-2026-42232 | Critical | n8n: n8n has XML Node Prototype Pollution that to RCE |
| CVE-2026-42231 | Critical | n8n: n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE |
| CVE-2026-42235 | High | n8n: n8n Vulnerable to XSS via MCP OAuth client |
| CVE-2026-42226 | High | n8n: n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay |
| CVE-2026-42234 | High | n8n: n8n has a Python Task Runner Sandbox Escape Vulnerability |
| CVE-2026-42227 | Medium | n8n: n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure |
| CVE-2026-42236 | High | n8n: n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration |
| CVE-2026-42228 | Medium | n8n: n8n Vulnerable to Hijacking of Unauthenticated Chat Execution |
| CVE-2026-42229 | Medium | n8n: n8n has SQL Injection in SeaTable Node |
| CVE-2026-42230 | Medium | n8n: n8n has Open Redirect in MCP OAuth Consent Flow |
| CVE-2026-42233 | Medium | n8n: n8n has SQL Injection in Oracle Database Node via Limit Field |
| CVE-2026-42237 | Medium | n8n: n8n has SQL Injection in Snowflake and MySQL Nodes |
| GHSA-364X-8G5J-X2PR | Medium | n8n: n8n has XSS in its Credential Management Flow |
| GHSA-3C7F-5HGJ-H279 | Medium | n8n: n8n has XSS in Chat Trigger Node through Custom CSS |
| GHSA-W673-8FJW-457C | Medium | n8n: n8n: Authenticated XSS and Open Redirect via Form Node |
| CVE-2026-56358 | Medium | n8n: n8n has a Stored XSS Vulnerability in its Form Trigger |
| CVE-2026-33751 | Medium | n8n: n8n Vulnerable to LDAP Filter Injection in LDAP Node |
| CVE-2026-33749 | Medium | n8n: n8n Vulnerable to XSS via Binary Data Inline HTML Rendering |
| CVE-2026-33713 | High | n8n: n8n has SQL Injection in Data Table Node via orderByColumn Expression |
| CVE-2026-33696 | Critical | n8n: n8n: Prototype Pollution in XML and GSuiteAdmin node parameters lead to RCE |
| CVE-2026-33724 | Medium | n8n: n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no |
| CVE-2026-33722 | High | n8n: n8n Has External Secrets Authorization Bypass in Credential Saving |
| CVE-2026-33720 | Medium | n8n: n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK |
