All disclosed vulnerabilities by Snyk

• • C
  Remote Code Execution (RCE) in n8n-workflow (npm)

  Discovered by Berk Dedekargınoğlu, VladimirEliTokarev
  29 Dec 2025
• • C
  Remote Code Execution (RCE) in n8n-nodes-base (npm)

  Discovered by Berk Dedekargınoğlu, VladimirEliTokarev
  29 Dec 2025
• • C
  Remote Code Execution (RCE) in @n8n/config (npm)

  Discovered by Berk Dedekargınoğlu, VladimirEliTokarev
  28 Dec 2025
• • M
  Cross-site Request Forgery (CSRF) in fastapi-sso (pip)

  Discovered by David Borș (Snyk Security Research)
  18 Dec 2025
• • M
  Cross-site Scripting (XSS) in @tiptap/extension-link (npm)

  Discovered by Thai Do Nhat
  8 Dec 2025
• • H
  Incomplete Filtering of One or More Instances of Special Elements in validator (npm)

  Discovered by Karol Wrótniak
  26 Nov 2025
• • C
  Prototype Pollution in expr-eval (npm)

  Discovered by yoshino-s
  16 Nov 2025
• • C
  Prototype Pollution in expr-eval-fork (npm)

  Discovered by yoshino-s
  16 Nov 2025
• • H
  Arbitrary Argument Injection in cloudinary (npm)

  Discovered by Patryk Konior
  9 Nov 2025
• • M
  Improper Validation of Specified Type of Input in validator (npm)

  Discovered by junwon seo
  17 Oct 2025