Potentially Suspicious code. Google marked site as phishing

hello @Jon that’s not it … it’s just that the latest version doesn’t have the correction (it’s still 0.222.2) … since there are already 0.223.0, 0.224.0 and 0.224.1 released, but not as latest on dockerhub)

Hey @luizeof,

It isn’t latest because of our release process to try and provide more stable releases, We have Latest which is an older release and Next which is normally going to be the newest. We then also have another release which we will still be testing but can be used which would be more of an RC release.

We are going to release a 0.222.3 which will include the fix which will make sure the latest and the release considered stable has the fix applied.

So currently we have…

0.224.1 - RC - Will become Next soon
0.223.0 - Next - Will become Latest soon (although it will probably be 0.223.1
0.222.2 - Latest - This is considered to be stable and will soon be moved off the list but not before 0.222.3

1 Like

Alright quick update…

We have just released 0.222.3 which contains the recent fix, If you are using the latest tag you can repull that image and should be good to go.

While we believe this should fix this issue please make sure you keep an eye on the sites and report back if they are on that version and still get flagged.


After updating to version 0.222.3, Quttera still shows as Low Security Risk - Potentially Suspicious Content Detected! In my Google Search Console there is 1 security problem, but it still does not show the block on the site. I already reported that I updated the n8n as a problem resolution.

@sehcacsoF Can you please send me the link to the Quttera report?

This issue is having a negative impact.
Thanks for trying to help.

hello @Jon thanks for the feedback!

This release process is fantastic. will these images be tagged with some RC tag on dockerhub? It would be good to identify these releases and help the testing process. But I think that’s for another topic.

thanks for the efforts. I made a video where I showed the community how to update manually. I think it will help the people I can reach. Como Corrigir um Problema Sério com N8N (Aviso de Phishing) - YouTube


New version [email protected] got released which includes the GitHub PR 5952.

@jan @Jon Running the latest version of docker with 0.224.4 and the problem is back.

Looks like there is now a false positive on some code in the middle of the file, instead of the entire file.
Not sure if there is a way to work around that, besides maybe scrambling that file even more.

But, Thanks for reporting this. I’ll look into it.

1 Like

Problem identified in an instance with [email protected]

Two days ago I also had a problem with an instance with 0.196.0 that led to the domain being blacklisted by Google

same here 0.227.0

tested as 0.228.1 and the alert persists guys :wink:

I would expect that to be the case as we have not tried anything else to fix it yet. It isn’t an easy thing to change and really shouldn’t even be an issue.

I will have a chat with @netroy and see where we are with this.

Quick update on this one, From 0.229.0 we have fully removed the file causing the issue. This does mean that if anyone is still using Internet Explorer they will have an even worse time but it should resolve this issue fully.


@Jon @jan 0.229.0, 0.230.0 and 0.230.1 Tested and running perfectly, no more reports have appeared since version 0.229.0.

I tested these 3 versions on Quttera and no threat was found.

Thank you very much for your efforts, attention and dedication of the N8N team.


Thanks a lot @luizeof for reporting back. Is very appreciated.

And thanks a lot @netroy for finally getting this issue resolved!