If you discover a (suspected) security vulnerability, please report it through our Vulnerability Disclosure Program.
Security: n8n-io/n8n
- Legacy Code node enables file read/write in self-hosted n8n (GHSA-j4p8-h8mh-rh8q), published Dec 24, 2025 by csuermann. Severity: High
- Arbitrary Command Execution in Pyodide based Python Code Node (GHSA-62r4-hw23-cc8v), published Dec 24, 2025 by csuermann. Severity: Critical
- Remote Code Execution via Expression Injection (GHSA-v98v-ff95-f3cp), published Dec 19, 2025 by csuermann. Severity: Critical
- Remote Code Execution via Git Node Custom Pre-Commit Hook (GHSA-wpqc-h9wp-chmq), published Dec 8, 2025 by csuermann. Severity: Critical
- Remote Code Execution via Git Node Pre-Commit Hook (GHSA-xgp7-7qjq-vg47), published Oct 30, 2025 by csuermann. Severity: High
- Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter (GHSA-mvh4-2cm2-6hpg), published Sep 14, 2025 by csuermann. Severity: Moderate
- Execute Command Node in n8n Allows Authenticated Users to Run Arbitrary Commands on Host (GHSA-365g-vjw2-grx8), published Oct 8, 2025 by csuermann. Severity: High
- Symlink traversal vulnerability in "Read/Write File" node allows access to restricted files (GHSA-ggjm-f3g4-rwmm), published Aug 20, 2025 by csuermann. Severity: Moderate
- Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows (GHSA-gq57-v332-7666), published Jul 3, 2025 by csuermann. Severity: Moderate
- Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source (GHSA-hfmv-hhh3-43f2), published Aug 19, 2025 by csuermann. Severity: High
Learn more about advisories related to n8n-io/n8n in the GitHub Advisory Database