diff --git a/src/Controller/NodeRevisionController.php b/src/Controller/NodeRevisionController.php
index aed231c880f8bf4fbe45c5897cd69abbc5b6f4ce..b74d840dc0bcbac6d75f34f90caff89b29957726 100644
--- a/src/Controller/NodeRevisionController.php
+++ b/src/Controller/NodeRevisionController.php
@@ -3,6 +3,8 @@
 namespace Drupal\diff\Controller;
 
 use Drupal\node\NodeInterface;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
 /**
  * Returns responses for Node Revision routes.
@@ -22,6 +24,9 @@ class NodeRevisionController extends PluginRevisionController {
    *   Render array containing the revisions table for $node.
    */
   public function revisionOverview(NodeInterface $node) {
+    if (!$node->access('view')) {
+      throw new AccessDeniedHttpException();
+    }
     return $this->formBuilder()->getForm('Drupal\diff\Form\RevisionOverviewForm', $node);
   }
 
@@ -43,6 +48,9 @@ class NodeRevisionController extends PluginRevisionController {
    *   Table showing the diff between the two node revisions.
    */
   public function compareNodeRevisions(NodeInterface $node, $left_revision, $right_revision, $filter) {
+    if (!$node->access('view')) {
+      throw new AccessDeniedHttpException();
+    }
     $storage = $this->entityTypeManager()->getStorage('node');
     $route_match = \Drupal::routeMatch();
     $left_revision = $storage->loadRevision($left_revision);
diff --git a/src/Controller/PluginRevisionController.php b/src/Controller/PluginRevisionController.php
index c6148ff37fcba21f5bd5e77503e05c36f07feec0..b266591ff4ef177b8c190688d6442b1800ab7997 100644
--- a/src/Controller/PluginRevisionController.php
+++ b/src/Controller/PluginRevisionController.php
@@ -13,6 +13,8 @@ use Drupal\diff\DiffEntityComparison;
 use Drupal\diff\DiffLayoutManager;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\HttpFoundation\RequestStack;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
 /**
  * Base class for controllers that return responses on entity revision routes.
@@ -142,6 +144,12 @@ class PluginRevisionController extends ControllerBase {
         $revisions_ids[] = $revision_id;
       }
     }
+    if ($entity->id() !== $left_revision->id() || $entity->id() !== $right_revision->id()) {
+      throw new NotFoundHttpException();
+    }
+    if (!$right_revision->access('view') || !$left_revision->access('view')) {
+      throw new AccessDeniedHttpException();
+    }
 
     $build = [
       '#title' => $this->t('Changes to %title', ['%title' => $entity->label()]),