n8n

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the n8n package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L CVE-2026-8723	*
L CVE-2026-3449	*
L Cross-site Scripting (XSS)	*
L Loop with Unreachable Exit Condition ('Infinite Loop')	*
L GHSA-c7w3-x93f-qmm8	*
H Out-of-bounds Write	*
H Directory Traversal	*
L GHSA-vvjj-xcjg-gr5g	*
L Improper Control of Dynamically-Managed Code Resources	<2.23.2-r0
L Improper Control of Dynamically-Managed Code Resources	<2.23.2-r0
L CVE-2026-44790	<2.22.6-r0
L Exposure of Resource to Wrong Sphere	<2.23.2-r0
L Improper Control of Dynamically-Managed Code Resources	<2.23.2-r0
H Resource Exhaustion	<2.23.2-r0
L Improper Control of Dynamically-Managed Code Resources	<2.23.2-r0
L Protection Mechanism Failure	<2.23.2-r0
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<2.22.6-r0
M Resource Exhaustion	<2.23.2-r0
H XML Injection	<2.23.2-r0
L Improper Handling of Exceptional Conditions	<2.22.6-r0
L Arbitrary Code Injection	<2.22.6-r0
L Deserialization of Untrusted Data	<2.22.6-r0
L CVE-2026-44789	<2.22.6-r0
L Improper Input Validation	<2.22.6-r0
L Uncontrolled Recursion	<2.22.6-r0
L Improper Handling of Unicode Encoding	<2.22.6-r0
H Uncontrolled Recursion	<2.23.2-r0
H Arbitrary Code Injection	<2.22.6-r0
L Protection Mechanism Failure	<2.23.2-r0
L GHSA-q3fm-4wcw-g57x	<2.23.2-r0
L Protection Mechanism Failure	<2.23.2-r0
L Exposure of Resource to Wrong Sphere	<2.22.6-r0
M Cross-site Scripting (XSS)	<2.23.2-r0
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<2.22.6-r0
L Protection Mechanism Failure	<2.23.2-r0
H Use of Uninitialized Resource	<2.23.2-r0
L CVE-2026-44791	<2.22.6-r0