Form-data package exception

Aryaman_Gurjar August 7, 2025, 9:42am 1

Bug Description
When I try to install n8n globally using

npm install -g n8n
Vulnerabilities
±--------------------±---------±-----±----------------±----------------------±---------------------------------±------------±-----------±-----------±---------------------------------------------------±------------------+
| CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS | PUBLISHED | DISCOVERED | GRACE DAYS | DESCRIPTION | TRIGGERED FAILURE |
±--------------------±---------±-----±----------------±----------------------±---------------------------------±------------±-----------±-----------±---------------------------------------------------±------------------+
| CVE-2025-7783 | critical | 9.40 | form-data | 4.0.0 | fixed in 4.0.4, 3.0.4, 2.5.4 | 17 days | < 1 hour | 1 | Use of Insufficiently Random Values vulnerability | No |
| | | | | | 14 days ago | | | | in form-data allows HTTP Parameter Pollution | |
| | | | | | | | | | (HPP). This vulnerability is associated with | |
| | | | | | | | | | program fi… | |
How to solve this it is coming in my deployment

even i tried

RUN npm install -g n8n &&
cd /usr/local/lib/node_modules/n8n &&
npm install [email protected] &&
npm dedupe &&
npm ls form-data || true

Operating System
Ubuntu

n8n Version
1.105.3

Node.js Version
23.0.0

Database
MySQL

Execution mode
main (default)

Hosting
self hosted

system Closed November 5, 2025, 9:42am 2

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.