VulnScope — package-centric CVE lookup

- HIGH 7.7 CVE-2026-54304 n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host
- CRITICAL 10.0 n8n: MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions
- CRITICAL 9.9 n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints
- CRITICAL 9.6 n8n: Credential Exfiltration via Permission Bypass
- MEDIUM 5.9 n8n: Denial of Service via ZIP decompression in webhook workflow
- HIGH 7.6 n8n: Stored XSS in Chat Trigger Node
- HIGH 7.6 n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints
- HIGH 8.5 n8n: Microsoft SQL Node Prototype Pollution
- CRITICAL 9.0 LobeHub: Unauthenticated SSRF in `/webapi/proxy`
- MEDIUM 6.3 n8n: Merge Node SQL Mode Prototype Pollution
- MEDIUM 5.4 n8n: Prototype Pollution enables confused-deputy execution via public webhooks
- HIGH 7.6 n8n: Same-Origin XSS in Respond to Webhook Node
- HIGH 7.2 n8n: Missing Token Validation on Microsoft Agent 365 Trigger and Stripe Nodes
- HIGH 7.7 n8n: NoSQL Injection in MongoDB Node Find And Replace Operation
- CRITICAL 9.9 n8n: SQL Injection in Postgres v1/TimescaleDB Nodes
- HIGH 7.7 n8n: Git Node Clone and Push Operations Bypass File Sandbox
- HIGH 8.5 n8n: Python sandbox escape
- MEDIUM 4.2 Astro: XSS via Unescaped Attribute Names in Spread Props
- HIGH 7.5 Astro: Host header SSRF in prerendered error page fetch
- MEDIUM 5.3 @astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config
- MEDIUM 6.5 hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`
- MEDIUM 4.8 hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest
- HIGH 7.1 hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard
- MEDIUM 5.9 hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)
- MEDIUM 5.3 hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice