diff --git a/packages/cli/src/security-audit/risk-reporters/nodes-risk-reporter.ts b/packages/cli/src/security-audit/risk-reporters/nodes-risk-reporter.ts
index 1ef9c73938..524e1a44c1 100644
--- a/packages/cli/src/security-audit/risk-reporters/nodes-risk-reporter.ts
+++ b/packages/cli/src/security-audit/risk-reporters/nodes-risk-reporter.ts
@@ -1,4 +1,4 @@
-import { Container, Service } from '@n8n/di';
+import { Service } from '@n8n/di';
 import glob from 'fast-glob';
 import type { IWorkflowBase } from 'n8n-workflow';
 import * as path from 'path';
@@ -13,14 +13,14 @@ import {
 } from '@/security-audit/constants';
 import type { Risk, RiskReporter } from '@/security-audit/types';
 import { getNodeTypes } from '@/security-audit/utils';
-import { CommunityPackagesService } from '@/community-packages/community-packages.service';
-import { CommunityPackagesConfig } from '@/community-packages/community-packages.config';
+
+import { PackagesRepository } from '../security-audit.repository';
 @Service()
 export class NodesRiskReporter implements RiskReporter {
 constructor(
 private readonly loadNodesAndCredentials: LoadNodesAndCredentials,
- private readonly communityPackagesService: CommunityPackagesService,
+ private readonly packagesRepository: PackagesRepository,
 ) {}
 async report(workflows: IWorkflowBase[]) {
@@ -86,9 +86,7 @@ export class NodesRiskReporter implements RiskReporter {
 }
 private async getCommunityNodeDetails() {
- if (!Container.get(CommunityPackagesConfig).enabled) return [];
-
- const installedPackages = await this.communityPackagesService.getAllInstalledPackages();
+ const installedPackages = await this.packagesRepository.find({ relations: ['installedNodes'] });
 return installedPackages.reduce((acc, pkg) => {
 pkg.installedNodes.forEach((node) =>
diff --git a/packages/cli/src/security-audit/security-audit.repository.ts b/packages/cli/src/security-audit/security-audit.repository.ts
new file mode 100644
index 0000000000..f9ba4c31c1
--- /dev/null
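Review bot: `getCommunityNodeDetails` (the `@@ -86,9 +86,7 @@` hunk) no longer returns `[]` when `CommunityPackagesConfig.enabled` is false, so the audit now lists every `InstalledPackages` row whether or not community packages are enabled on the instance. That may be deliberate, since an audit arguably should surface packages that are still recorded as installed, but nothing in the hunk says so and none of the updated tests visible in this diff cover the disabled case. I would state the intent above the query, e.g. `// Report every InstalledPackages row, even when community packages are disabled`, or restore an equivalent guard if the old behaviour was wanted. The method body continues past the end of the hunk.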
+++ b/packages/cli/src/security-audit/security-audit.repository.ts
@@ -0,0 +1,11 @@
+import { InstalledPackages } from '@n8n/db';
+import { Service } from '@n8n/di';
+// eslint-disable-next-line n8n-local-rules/misplaced-n8n-typeorm-import
+import { DataSource, Repository } from '@n8n/typeorm';
+
+@Service()
+export class PackagesRepository extends Repository {
+ constructor(dataSource: DataSource) {
+ super(InstalledPackages, dataSource.manager);
+ }
+}
diff --git a/packages/cli/test/integration/security-audit/nodes-risk-reporter.test.ts b/packages/cli/test/integration/security-audit/nodes-risk-reporter.test.ts
index 4b9f634850..f56d20cba1 100644
--- a/packages/cli/test/integration/security-audit/nodes-risk-reporter.test.ts
+++ b/packages/cli/test/integration/security-audit/nodes-risk-reporter.test.ts
@@ -7,6 +7,7 @@ import { v4 as uuid } from 'uuid';
 import { LoadNodesAndCredentials } from '@/load-nodes-and-credentials';
 import { NodeTypes } from '@/node-types';
 import { OFFICIAL_RISKY_NODE_TYPES, NODES_REPORT } from '@/security-audit/constants';
+import { PackagesRepository } from '@/security-audit/security-audit.repository';
 import { SecurityAuditService } from '@/security-audit/security-audit.service';
 import { toReportTitle } from '@/security-audit/utils';
 import { CommunityPackagesService } from '@/community-packages/community-packages.service';
@@ -18,6 +19,7 @@ nodesAndCredentials.getCustomDirectories.mockReturnValue([]);
 mockInstance(NodeTypes);
 const communityPackagesService = mockInstance(CommunityPackagesService);
 Container.set(CommunityPackagesService, communityPackagesService);
+const packagesRepository = mockInstance(PackagesRepository);
 let securityAuditService: SecurityAuditService;
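Review bot: `PackagesRepository` has no doc comment saying why the security-audit module defines its own repository over `InstalledPackages`, and the `eslint-disable-next-line n8n-local-rules/misplaced-n8n-typeorm-import` line gives no reason for the suppression. A reader cannot tell from this file whether the class exists to keep the reporter independent of the community-packages module or is a stop-gap. If the former is the intent, I would add a TSDoc line above the class such as `/** Read access to InstalledPackages for the audit, kept here so the reporter does not depend on the community-packages module. */` and append the reason to the eslint-disable comment. The class name also does not match the file name `security-audit.repository.ts`, which makes it harder to locate.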
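Review bot: In the `@@ -18,6 +19,7 @@` hunk the `CommunityPackagesService` mock and its `Container.set(CommunityPackagesService, communityPackagesService)` registration stay next to the new `packagesRepository` mock, although the reporter no longer takes that service. Every `communityPackagesService.getAllInstalledPackages` stub visible in this diff is replaced, so unless a test outside these hunks still uses it, the mock, the registration and the `CommunityPackagesService` import look like dead setup and can be removed. Leaving them in suggests to the next reader that the audit still depends on the community-packages service.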
@@ -37,7 +39,7 @@ afterAll(async () => {
 });
 test('should report risky official nodes', async () => {
- communityPackagesService.getAllInstalledPackages.mockResolvedValue(MOCK_PACKAGE);
+ packagesRepository.find.mockResolvedValue(MOCK_PACKAGE);
 const map = [...OFFICIAL_RISKY_NODE_TYPES].reduce<{ [nodeType: string]: string }>((acc, cur) => {
 return (acc[cur] = uuid()), acc;
 }, {});
@@ -82,7 +84,7 @@ test('should report risky official nodes', async () => {
 });
 test('should not report non-risky official nodes', async () => {
- communityPackagesService.getAllInstalledPackages.mockResolvedValue(MOCK_PACKAGE);
+ packagesRepository.find.mockResolvedValue(MOCK_PACKAGE);
 await saveManualTriggerWorkflow();
 const testAudit = await securityAuditService.run(['nodes']);
@@ -99,7 +101,7 @@ test('should not report non-risky official nodes', async () => {
 });
 test('should report community nodes', async () => {
- communityPackagesService.getAllInstalledPackages.mockResolvedValue(MOCK_PACKAGE);
+ packagesRepository.find.mockResolvedValue(MOCK_PACKAGE);
 const testAudit = await securityAuditService.run(['nodes']);