If you discover a (suspected) security vulnerability, please report it through our Vulnerability Disclosure Program.
Security: n8n-io/n8n
- Remote Code Execution via Git Node Pre-Commit Hook (GHSA-xgp7-7qjq-vg47), published Oct 30, 2025 by csuermann. Severity: High
- Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter (GHSA-mvh4-2cm2-6hpg), published Sep 14, 2025 by csuermann. Severity: Moderate
- Execute Command Node in n8n Allows Authenticated Users to Run Arbitrary Commands on Host (GHSA-365g-vjw2-grx8), published Oct 8, 2025 by csuermann. Severity: High
- Symlink traversal vulnerability in "Read/Write File" node allows access to restricted files (GHSA-ggjm-f3g4-rwmm), published Aug 20, 2025 by csuermann. Severity: Moderate
- Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows (GHSA-gq57-v332-7666), published Jul 3, 2025 by csuermann. Severity: Moderate
- Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source (GHSA-hfmv-hhh3-43f2), published Aug 19, 2025 by csuermann. Severity: High
- Denial of Service via Malformed Binary Data Requests (GHSA-pr9r-gxgp-9rm8), published Jul 3, 2025 by csuermann. Severity: Moderate
- Open Redirect Vulnerability in n8n Login Flow (GHSA-5vj6-wjr7-5v9f), published Jun 26, 2025 by csuermann. Severity: Moderate
- Stored XSS through Attachments View Endpoint (GHSA-c8hm-hr8h-5xjw), published Apr 28, 2025 by csuermann. Severity: Moderate
Learn more about advisories related to n8n-io/n8n in the GitHub Advisory Database