Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

12 advisories

Loading
n8n has an Authentication Bypass in its Chat Trigger Node Moderate
GHSA-jh8h-6c9q-7gmw was published for n8n (npm) Feb 26, 2026
sm1ee Credited to sm1ee
Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS Moderate
CVE-2026-26998 was published for github.com/traefik/traefik/v2 (Go) Mar 4, 2026
sm1ee Credited to sm1ee
n8n has SQL Injection in SeaTable Node Moderate
CVE-2026-42229 was published for n8n (npm) Apr 29, 2026
sm1ee Credited to sm1ee
sm1ee Credited to sm1ee, ioquatix, and jeremyevans ioquatix ioquatix
jeremyevans jeremyevans
n8n: HTTP Request Node Pagination Prototype Pollution to RCE Critical
CVE-2026-44789 was published for n8n (npm) May 14, 2026
sm1ee Credited to sm1ee
n8n Has a Source Control Pull SQL Injection High
CVE-2026-44792 was published for n8n (npm) May 14, 2026
sm1ee Credited to sm1ee
n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes Moderate
CVE-2026-54310 was published for n8n (npm) Jun 16, 2026
sm1ee Credited to sm1ee
n8n: NoSQL Injection in MongoDB Node Find And Replace Operation Moderate
CVE-2026-54313 was published for n8n (npm) Jun 16, 2026
sm1ee Credited to sm1ee
n8n: Prototype Pollution enables confused-deputy execution via public webhooks Moderate
CVE-2026-54306 was published for n8n (npm) Jun 16, 2026
sm1ee Credited to sm1ee
n8n: Merge Node SQL Mode Prototype Pollution Moderate
CVE-2026-54311 was published for n8n (npm) Jun 16, 2026
sm1ee Credited to sm1ee
sm1ee Credited to sm1ee
n8n: Stored XSS in Chat Trigger Node High
CVE-2026-54302 was published for n8n (npm) Jun 16, 2026
sm1ee Credited to sm1ee
ProTip! Advisories are also available from the GraphQL API