📦 N8n
by N8n
⚠️ Known Vulnerabilities
This CVE describes a second-order expression injection vulnerability in n8n's Form nodes that could allow unauthenticated attackers to inject and evaluate arbitrary n8n expressions. When combined with...
This vulnerability in n8n allows authenticated users with workflow creation/modification permissions to escape the JavaScript Task Runner sandbox and execute arbitrary code. In default configurations ...
This vulnerability in n8n workflow automation platform allows authenticated users with workflow creation/modification permissions to read sensitive files from the host system. Attackers can obtain con...
This vulnerability in n8n workflow automation platform allows authenticated users with workflow creation/modification permissions to execute arbitrary system commands or read arbitrary files on the ho...
This vulnerability in n8n's Python Code node allows authenticated users to escape the Python sandbox and execute arbitrary code on the underlying system. It affects all n8n instances running versions ...
This vulnerability allows authenticated users with workflow creation/modification permissions in n8n to execute arbitrary system commands on the host server by crafting malicious expressions in workfl...
This critical vulnerability in n8n's workflow Expression evaluation system allows authenticated users to execute arbitrary code on the server. Attackers can achieve full system compromise by exploitin...
This vulnerability allows authenticated attackers to execute arbitrary code on n8n workflow automation platforms, leading to full system compromise. It affects both self-hosted and n8n Cloud instances...
This vulnerability in n8n workflow automation platform allows unauthenticated remote attackers to execute certain form-based workflows that can access files on the underlying server. Attackers can rea...
This CVE describes a sandbox bypass vulnerability in n8n's Python Code Node that allows authenticated users with workflow creation/modification permissions to execute arbitrary commands on the host sy...
This vulnerability allows authenticated users with workflow creation/modification permissions in n8n to achieve remote code execution by chaining file operations with git commands. Attackers can write...
A command injection vulnerability in n8n's community package installation functionality allows authenticated administrators to execute arbitrary system commands on the host server. This affects n8n in...
This vulnerability in n8n's Merge node allows authenticated users with workflow creation/modification permissions to write arbitrary files to the server filesystem, potentially leading to remote code ...
This vulnerability in n8n workflow automation platform allows attackers to write files to unintended locations on remote systems via SSH nodes, potentially leading to remote code execution. It affects...
This vulnerability in n8n workflow automation platform allows uninitialized memory allocation via Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner. Attackers could potentially acce...
In self-hosted n8n instances prior to version 2.0.0, authenticated users with workflow editing access can exploit the Code node's legacy JavaScript execution mode to invoke internal helper functions. ...
This stored XSS vulnerability in n8n allows attackers with workflow creation permissions to execute arbitrary JavaScript in the n8n editor interface. The vulnerability occurs when the 'Respond to Webh...
This vulnerability allows remote code execution (RCE) in n8n workflow automation platform by exploiting Git pre-commit hooks. Attackers who can create or modify workflows using the Git node can set ma...
A stored Cross-Site Scripting (XSS) vulnerability in n8n's Form Trigger node allows authenticated attackers to inject malicious HTML/JavaScript. This enables account takeover by stealing session cooki...
CVE-2023-27563 is a privilege escalation vulnerability in n8n workflow automation software that allows authenticated users to gain administrative privileges. This affects organizations using n8n for w...
This CVE describes a cross-site scripting (XSS) vulnerability in n8n workflow automation platform where authenticated users with workflow creation/modification permissions can inject malicious scripts...
This vulnerability in n8n's HTTP Request node allows authenticated attackers to bypass credential domain validation and send requests with credentials to unintended domains. This could lead to credent...
This Cross-Site Scripting (XSS) vulnerability in n8n allows authenticated users with workflow permissions to inject malicious scripts into markdown content. When other users interact with compromised ...
An authenticated user with workflow creation/modification permissions in n8n can exploit a Cross-Site Scripting (XSS) vulnerability by crafting malicious workflows. When other users interact with thes...
This vulnerability allows attackers to bypass IP whitelist restrictions in n8n's Webhook node by using IP addresses that contain whitelisted entries as substrings. It affects n8n instances from versio...
This CVE describes an authentication bypass vulnerability in n8n's Stripe Trigger node that allows unauthenticated attackers to trigger workflows by sending forged Stripe webhook events. The vulnerabi...
This stored XSS vulnerability in n8n's LangChain Chat Trigger node allows authorized users to inject malicious JavaScript into public chat URLs. When users visit these compromised URLs, the payload ex...
A symlink traversal vulnerability in n8n's Read/Write File node allows attackers to bypass directory restrictions. By creating symbolic links, attackers can read from or write to otherwise inaccessibl...
This CVE describes an authorization vulnerability in n8n workflow automation platform where authenticated users can stop workflow executions that they don't own or that haven't been shared with them. This affec...