GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
9 advisories
Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)
High
GHSA-3prp-9gf7-4rxx
was published
for
flowise
(npm)
Apr 17, 2026
Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association
High
GHSA-48m6-ch88-55mj
was published
for
flowise
(npm)
Apr 16, 2026
Flowise: Unauthenticated Information Disclosure of OAuth Secrets (Cleartext) via GET Request
Moderate
GHSA-6pcv-j4jx-m4vx
was published
for
flowise
(npm)
Apr 16, 2026
Flowise has IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration
High
CVE-2026-30823
was published
for
flowise
(npm)
Mar 6, 2026
n8n Vulnerable to Command Injection in Community Package Installation
Critical
CVE-2026-21893
was published
for
n8n
(npm)
Feb 4, 2026
OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable
High
CVE-2026-24763
was published
for
clawdbot
(npm)
Feb 2, 2026
n8n: Webhook Node IP Whitelist Bypass via Partial String Matching
Moderate
CVE-2025-68949
was published
for
n8n
(npm)
Jan 13, 2026
Self-hosted n8n has Legacy Code node that enables arbitrary file read/write
High
CVE-2025-68697
was published
for
n8n
(npm)
Dec 26, 2025
n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node
Critical
CVE-2025-68668
was published
for
n8n
(npm)
Dec 26, 2025
ProTip!
Advisories are also available from the
GraphQL API