Please report (suspected) security vulnerabilities to security@n8n.io. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible, depending on complexity, but historically within a few days.
Security: n8n-io/n8n
- Symlink traversal vulnerability in "Read/Write File" node allows access to restricted files (GHSA-ggjm-f3g4-rwmm), published Aug 20, 2025 by csuermann. Severity: Moderate
- Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows (GHSA-gq57-v332-7666), published Jul 3, 2025 by csuermann. Severity: Moderate
- Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source (GHSA-hfmv-hhh3-43f2), published Aug 19, 2025 by csuermann. Severity: High
- Denial of Service via Malformed Binary Data Requests (GHSA-pr9r-gxgp-9rm8), published Jul 3, 2025 by csuermann. Severity: Moderate
- Open Redirect Vulnerability in n8n Login Flow (GHSA-5vj6-wjr7-5v9f), published Jun 26, 2025 by csuermann. Severity: Moderate
- Stored XSS through Attachments View Endpoint (GHSA-c8hm-hr8h-5xjw), published Apr 28, 2025 by csuermann. Severity: Moderate
Learn more about advisories related to n8n-io/n8n in the GitHub Advisory Database