AI Threat Alert AI Threat Alert

n8n

npm AI Agents
112
Total CVEs
50
Critical
npm
Ecosystem
Mar 27, 2026
Last CVE

Known Vulnerabilities (30+ shown)

Severity CVE ID Summary CVSS Published
MEDIUM GHSA-q4fm-pjq6-m63g n8n: Stored XSS in Form Trigger enables phishing 5.4 Mar 27, 2026 MEDIUM GHSA-w673-8fjw-457c n8n: stored XSS enables phishing via Form Node 4.1 Mar 27, 2026 MEDIUM GHSA-3c7f-5hgj-h279 n8n: Stored XSS in Chat Trigger via CSS injection 5.4 Mar 27, 2026 MEDIUM GHSA-364x-8g5j-x2pr n8n: stored XSS via malicious OAuth2 Authorization URL 5.4 Mar 27, 2026 MEDIUM CVE-2026-33751 n8n: LDAP injection enables auth bypass in workflows 4.8 Mar 25, 2026 CRITICAL CVE-2026-33749 n8n: stored XSS enables credential theft via workflow 9.0 Mar 25, 2026 HIGH CVE-2026-33724 n8n: SSH MitM enables malicious workflow injection 7.4 Mar 25, 2026 MEDIUM CVE-2026-33722 n8n: secrets vault bypass exposes credentials to low-priv users 5.3 Mar 25, 2026 MEDIUM CVE-2026-33720 n8n: OAuth state forgery hijacks user credentials 4.2 Mar 25, 2026 HIGH CVE-2026-33713 n8n: SQLi in Data Table node, full DB compromise 8.8 Mar 25, 2026 HIGH CVE-2026-33696 n8n: Prototype pollution enables RCE via workflow nodes 8.8 Mar 25, 2026 HIGH CVE-2026-33665 n8n: LDAP email match enables permanent account takeover 8.2 Mar 25, 2026 CRITICAL CVE-2026-33663 n8n: member role steals plaintext HTTP credentials 10.0 Mar 25, 2026 CRITICAL CVE-2026-33660 TensorFlow: type confusion NPD in tensor conversion 10.0 Mar 25, 2026 MEDIUM CVE-2026-27496 n8n: uninitialized buffer leaks secrets via Task Runner 6.5 Mar 25, 2026 MEDIUM CVE-2026-27578 n8n: XSS enables session hijacking 5.4 Feb 25, 2026 MEDIUM CVE-2026-27578 n8n: XSS enables session hijacking 5.4 Feb 25, 2026 MEDIUM CVE-2026-27578 n8n: XSS enables session hijacking 5.4 Feb 25, 2026 MEDIUM CVE-2026-27578 n8n: XSS enables session hijacking 5.4 Feb 25, 2026 MEDIUM CVE-2026-27578 n8n: XSS enables session hijacking 5.4 Feb 25, 2026 MEDIUM CVE-2026-27578 n8n: XSS enables session hijacking 5.4 Feb 25, 2026 MEDIUM CVE-2026-27578 n8n: XSS enables session hijacking 5.4 Feb 25, 2026 CRITICAL CVE-2026-27577 n8n: Code Injection enables RCE 9.9 Feb 25, 2026 CRITICAL CVE-2026-27577 n8n: Code Injection enables RCE 9.9 Feb 25, 2026 CRITICAL CVE-2026-27577 n8n: Code Injection enables RCE 9.9 Feb 25, 2026 CRITICAL CVE-2026-27577 n8n: Code Injection enables RCE 9.9 Feb 25, 2026 CRITICAL CVE-2026-27577 n8n: Code Injection enables RCE 9.9 Feb 25, 2026 CRITICAL CVE-2026-27577 n8n: Code Injection enables RCE 9.9 Feb 25, 2026 CRITICAL CVE-2026-27577 n8n: Code Injection enables RCE 9.9 Feb 25, 2026 HIGH CVE-2026-27498 n8n: Code Injection enables RCE 8.8 Feb 25, 2026

Monitor n8n in your stack

Get instant alerts when new vulnerabilities affect n8n. CISO analysis, ATLAS technique mappings, and compliance reports included.

Start Monitoring