Common n8n issues
Explore all the issues Audit8n can detect in your workflows. Learn how to identify and fix them.
Hardcoded Credentials
Exposed passwords, API keys, or tokens in workflow JSON
Hardcoded Secrets
Sensitive data embedded directly in nodes
Hardcoded Bearer Token
Authentication tokens in plain text
Hardcoded Email
Email addresses that should be parameterized
Hardcoded URL
URLs that should use environment variables
Unauthenticated Webhook
Webhooks exposed without authentication
RCE Risk Execute Command
Remote code execution vulnerabilities
Critical RCE Vulnerability
Severe code execution risks
Potential SQL Injection
SQL queries vulnerable to injection
SSRF Vulnerability
Server-Side Request Forgery risks
CSRF Risk on Webhook
Cross-Site Request Forgery vulnerabilities
Dangerous Eval
Unsafe eval() function usage
Prompt Injection Risk
AI prompt manipulation vulnerabilities
Insecure SSL
SSL/TLS verification disabled
Environment Access
Improper environment variable handling
Permissive CORS
Overly permissive cross-origin settings
Sensitive Pinned Data
Secrets in pinned test data
Task Runner Env Access
Environment access from task runners
Unencrypted FTP
Using plain FTP instead of SFTP
Unsafe Module Import
Dangerous module imports in code nodes
Aggressive Polling
Polling intervals that are too frequent
AI Node in Loop Without Batching
Inefficient AI API calls
Large AI Input Payload
Oversized data sent to AI models
No Max Tokens Limit
Missing token limits on AI responses
Inefficient Batch Size
Suboptimal batch processing
Data Bloat Risk
Unnecessary data accumulation
Potential N+1 Problem
Database query anti-pattern
Select All Anti-Pattern
SELECT * in database queries
Potential Infinite Loop
Loops without exit conditions
Indefinite Wait
Wait nodes without timeout
Data Pruning Needed
Missing data retention policies
Large JSON Parsing
Memory issues from large payloads
Unthrottled Loop HTTP
HTTP requests without rate limiting
Using Expensive Model for Simple Task
GPT-4 for simple tasks
Fragile External Call
Unprotected API calls
Potential Merge Deadlock
Blocking merge nodes
Unsafe JSON Parsing
JSON.parse without error handling
Switch Without Fallback
Missing default case
Unhandled IF Branch
IF nodes with unhandled paths
Timeout Not Configured
Missing timeout settings
Missing Global Error Workflow
No error handler configured
Missing AI Error Handling
AI nodes without error handling
Invalid Cron Expression
Malformed schedule triggers
Default Node Name
Using generic node names
Default Timezone
Timezone not explicitly set
Complex Code Node
Overly complex code blocks
Monolithic Workflow
Workflows that are too large
Orphan Node
Disconnected nodes in workflow
Pinned Data Detected
Test data left in production
Deprecated Syntax
Using outdated n8n syntax
Execution Progress Saving Enabled
Performance impact setting
Disabled Nodes
Disabled nodes left in production
Duplicate Logic
Repeated logic across nodes
Inconsistent Naming
Mixed naming conventions
Legacy Function Node
Deprecated function nodes
Legacy Node Access
Deprecated access patterns
Missing Node Notes
Undocumented complex nodes
Return Items Pattern
Incorrect return format
Spaghetti Connections
Complex tangled connections