All disclosed vulnerabilities by Snyk

• • M
  Permissive List of Allowed Inputs in n8n-nodes-base (npm)

  Discovered by Berk Dedekargınoğlu
  13 Jan 2026
• • H
  Prototype Pollution in pace-js (npm)

  Discovered by Zhengyu Liu
  29 Dec 2025
• • C
  Remote Code Execution (RCE) in n8n-workflow (npm)

  Discovered by Berk Dedekargınoğlu, VladimirEliTokarev
  29 Dec 2025
• • C
  Remote Code Execution (RCE) in n8n-nodes-base (npm)

  Discovered by Berk Dedekargınoğlu, VladimirEliTokarev
  29 Dec 2025
• • C
  Remote Code Execution (RCE) in @n8n/config (npm)

  Discovered by Berk Dedekargınoğlu, VladimirEliTokarev
  28 Dec 2025
• • M
  Cross-site Request Forgery (CSRF) in fastapi-sso (pip)

  Discovered by David Borș (Snyk Security Research)
  18 Dec 2025
• • M
  Cross-site Scripting (XSS) in @tiptap/extension-link (npm)

  Discovered by Thai Do Nhat
  8 Dec 2025
• • H
  Incomplete Filtering of One or More Instances of Special Elements in validator (npm)

  Discovered by Karol Wrótniak
  26 Nov 2025
• • C
  Prototype Pollution in expr-eval (npm)

  Discovered by yoshino-s
  16 Nov 2025
• • C
  Prototype Pollution in expr-eval-fork (npm)

  Discovered by yoshino-s
  16 Nov 2025