If you discover a (suspected) security vulnerability, please report it through our Vulnerability Disclosure Program.
Security: n8n-io/n8n
- XSS and Open Redirect in Form Node (GHSA-w673-8fjw-457c), published Mar 25, 2026 by Jubke. Severity: Moderate
- Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK (GHSA-vpgc-2f6g-7w7x), published Mar 25, 2026 by Jubke. Severity: Moderate
- Webhook Forgery on Zendesk Trigger (GHSA-38c7-23hj-2wgq), published Feb 25, 2026 by Jubke. Severity: Moderate
- Webhook Forgery on Github Webhook Trigger (GHSA-mqpr-49jj-32rc), published Feb 25, 2026 by Jubke. Severity: Moderate
- Arbitrary File Write leading to RCE in n8n Merge Node (GHSA-hv53-3329-vmrm), published Feb 4, 2026 by csuermann. Severity: Critical
- Arbitrary File Write on Remote Systems via SSH Node (GHSA-m82q-59gv-mcr9), published Feb 4, 2026 by csuermann. Severity: High
- MITM Vulnerability for Source Control with SSH (GHSA-43v7-fp2v-68f6), published Mar 25, 2026 by Jubke. Severity: Moderate
- Stored Cross-Site Scripting via Markdown Rendering in Workflow UI (GHSA-qpq4-pw7f-pp8w), published Feb 4, 2026 by csuermann. Severity: High
- Expression Escape Vulnerability Leading to RCE (GHSA-6cqr-8cfr-67f8), published Feb 4, 2026 by csuermann. Severity: Critical
- Command Injection in Community Package Installation (GHSA-7c4h-vh2m-743m), published Feb 4, 2026 by csuermann. Severity: Low
Learn more about advisories related to n8n-io/n8n in the GitHub Advisory Database