VIR Vulnerability Intelligence Relay

Package impact

npm npm / n8n

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-42233 critical 9.8 9.8 1mo ago n8n has SQL Injection in Oracle Database Node via Limit Field
CVE-2026-42235 critical 9.6 9.6 1mo ago n8n Vulnerable to XSS via MCP OAuth client
CVE-2026-44791 critical 9.5 21d ago n8n Has an XML Node Prototype Pollution Patch Bypass
CVE-2026-44790 critical 9.5 21d ago n8n Has an Arbitrary File Read via Git Node
CVE-2026-44789 critical 9.5 21d ago n8n: HTTP Request Node Pagination Prototype Pollution to RCE
CVE-2026-42228 medium 6.5 6.5 1mo ago n8n Vulnerable to Hijacking of Unauthenticated Chat Execution
CVE-2026-42227 medium 6.5 6.5 1mo ago n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure
CVE-2026-42230 medium 6.1 6.1 1mo ago n8n has Open Redirect in MCP OAuth Consent Flow
CVE-2025-68613 unknown 2.5 5mo ago n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution.