Overview · n8n-io/n8n · GitHub

Security

SECURITY.md

Reporting a Vulnerability

If you discover a (suspected) security vulnerability, please report it through our Vulnerability Disclosure Program.

SQL Injection in Data Table Node via orderByColumn Expression
GHSA-98c2-4cr3-4jc3 published Mar 25, 2026 by Jubke

High
Authentication Bypass in Chat Trigger Node
GHSA-jh8h-6c9q-7gmw published Feb 25, 2026 by Jubke

Moderate
Unauthenticated Expression Evaluation via Form Node
GHSA-75g8-rv7v-32f7 published Feb 25, 2026 by Jubke

High
LDAP Filter Injection in LDAP Node
GHSA-w83q-mcmx-mh42 published Mar 25, 2026 by Jubke

Moderate
In-Process Memory Disclosure in Task Runner
GHSA-xvh5-5qg4-x9qp published Mar 25, 2026 by Jubke

High
SSO Enforcement Bypass
GHSA-vjf3-2gpj-233v published Feb 25, 2026 by Jubke

Moderate
Sandbox Escape in JavaScript Task Runner
GHSA-jjpj-p2wh-qf23 published Feb 25, 2026 by Jubke

Critical
n8n Guardrail Node Bypass
GHSA-fvfv-ppw4-7h2w published Feb 25, 2026 by Jubke

Moderate
External Secrets Authorization Bypass in Credential Saving
GHSA-fxcw-h3qj-8m8p published Mar 25, 2026 by Jubke

High
XSS in Credential Management Flow
GHSA-364x-8g5j-x2pr published Mar 25, 2026 by Jubke

Moderate

Learn more about advisories related to n8n-io/n8n in the GitHub Advisory Database