Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/n8n@2.20.7
purl pkg:npm/n8n@2.20.7
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-63pn-hppa-13bx n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints ## Impact The OAuth1 and OAuth2 credential reconnect endpoints authorized access using `credential:read` rather than `credential:update`. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential with tokens bound to an external account they control. Workflows relying on the affected credential would subsequently execute under the attacker's OAuth identity, enabling data exfiltration to attacker-controlled external services and persistent takeover of shared integrations. This issue affects instances where credentials are shared with other users or across projects. ## Patches The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.21.1. Users should upgrade to one of these versions or later to remediate the vulnerability. ## Workarounds If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Restrict credential sharing to fully trusted users only. - Audit shared credentials for unexpected OAuth token changes and revoke any tokens that may have been replaced. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures. --- n8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CVE-2026-45732
GHSA-6h4j-wcr9-2vg7
VCID-7fn6-gvxs-wygq n8n: HTTP Request Node Pagination Prototype Pollution to RCE ## Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. ## Patches The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users should upgrade to one of these versions or later to remediate the vulnerability. ## Workarounds If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Limit workflow creation and editing permissions to fully trusted users only. - Disable the HTTP Request node by adding `n8n-nodes-base.httpRequest` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures. --- n8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2026-44789
GHSA-c8xv-5998-g76h
VCID-8zpu-gnub-2bb8 n8n Has a Source Control Pull SQL Injection ## Impact An attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could lead to SQL injection on the internal PostgreSQL instance. Exploitation requires all of the following conditions: - The n8n instance uses PostgreSQL as its database backend. - The Source Control feature is enabled and connected to a repository the attacker can write to. - An administrator triggers a Source Control Pull. ## Patches The issue has been fixed in n8n version 1.123.43, 2.20.7, and 2.21.1. Users should upgrade to this version or later to remediate the vulnerability. ## Workarounds If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Disable the Source Control feature if it is not actively required. - Restrict write access to the connected git repository to fully trusted users only. - Avoid pulling from repositories that may have been modified by untrusted parties. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures. CVE-2026-44792
GHSA-mhrx-qhrj-673w
VCID-hx1p-thnm-4ud4 n8n Has an Arbitrary File Read via Git Node ## Impact An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. ## Patches The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users should upgrade to one of these versions or later to remediate the vulnerability. ## Workarounds If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Limit workflow creation and editing permissions to fully trusted users only. - Disable the Git node by adding `n8n-nodes-base.git` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures. --- n8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2026-44790
GHSA-57g9-58c2-xjg3
VCID-n38u-498z-gke2 n8n Has an XML Node Prototype Pollution Patch Bypass ## Impact An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. ## Patches The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users should upgrade to one of these versions or later to remediate the vulnerability. ## Workarounds If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Limit workflow creation and editing permissions to fully trusted users only. - Disable the XML node by adding `n8n-nodes-base.xml` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures. --- n8n has adopted CVSS 4.0 as primary score for all security advisories. CVSS 3.1 vector strings are provided for backwards compatibility. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2026-44791
GHSA-wrwr-h859-xh2r

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T21:03:04.246205+00:00 GitLab Importer Fixing VCID-7fn6-gvxs-wygq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-44789.yml 38.6.0
2026-06-13T21:02:44.939428+00:00 GitLab Importer Fixing VCID-hx1p-thnm-4ud4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-44790.yml 38.6.0
2026-06-13T21:01:47.663046+00:00 GitLab Importer Fixing VCID-63pn-hppa-13bx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-45732.yml 38.6.0
2026-06-13T21:01:40.737949+00:00 GitLab Importer Fixing VCID-8zpu-gnub-2bb8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-44792.yml 38.6.0
2026-06-13T21:01:34.700334+00:00 GitLab Importer Fixing VCID-n38u-498z-gke2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/n8n/CVE-2026-44791.yml 38.6.0
2026-06-13T06:30:22.659132+00:00 GHSA Importer Fixing VCID-63pn-hppa-13bx https://github.com/advisories/GHSA-6h4j-wcr9-2vg7 38.6.0
2026-06-13T06:30:22.609283+00:00 GHSA Importer Fixing VCID-8zpu-gnub-2bb8 https://github.com/advisories/GHSA-mhrx-qhrj-673w 38.6.0
2026-06-13T06:30:22.553602+00:00 GHSA Importer Fixing VCID-n38u-498z-gke2 https://github.com/advisories/GHSA-wrwr-h859-xh2r 38.6.0
2026-06-13T06:30:22.437416+00:00 GHSA Importer Fixing VCID-hx1p-thnm-4ud4 https://github.com/advisories/GHSA-57g9-58c2-xjg3 38.6.0
2026-06-13T06:30:22.383579+00:00 GHSA Importer Fixing VCID-7fn6-gvxs-wygq https://github.com/advisories/GHSA-c8xv-5998-g76h 38.6.0
2026-06-12T07:52:08.016728+00:00 GithubOSV Importer Fixing VCID-63pn-hppa-13bx https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-6h4j-wcr9-2vg7/GHSA-6h4j-wcr9-2vg7.json 38.6.0
2026-06-12T07:51:57.758797+00:00 GithubOSV Importer Fixing VCID-8zpu-gnub-2bb8 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-mhrx-qhrj-673w/GHSA-mhrx-qhrj-673w.json 38.6.0
2026-06-12T07:51:52.271425+00:00 GithubOSV Importer Fixing VCID-7fn6-gvxs-wygq https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-c8xv-5998-g76h/GHSA-c8xv-5998-g76h.json 38.6.0
2026-06-12T07:51:05.545017+00:00 GithubOSV Importer Fixing VCID-hx1p-thnm-4ud4 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-57g9-58c2-xjg3/GHSA-57g9-58c2-xjg3.json 38.6.0
2026-06-12T07:51:00.409766+00:00 GithubOSV Importer Fixing VCID-n38u-498z-gke2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-wrwr-h859-xh2r/GHSA-wrwr-h859-xh2r.json 38.6.0