Package impact
npm / n8n
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42228 | medium | 6.5 | 6.5 | 1mo ago | n8n Vulnerable to Hijacking of Unauthenticated Chat Execution | |||
| CVE-2026-42227 | medium | 6.5 | 6.5 | 1mo ago | n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure | |||
| CVE-2026-42230 | medium | 6.1 | 6.1 | 1mo ago | n8n has Open Redirect in MCP OAuth Consent Flow | |||
| CVE-2025-68613 | unknown | — | 2.5 | 5mo ago | n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution. |