pkg:npm/@saltcorn/server

4 total CVEsCRITICAL1HIGH1MEDIUM1

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.9CVE-2026-41478Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)
    from 0, < 1.4.6
  • HIGH8.2CVE-2026-40163Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read
    from 0, < 1.4.5
  • MEDIUM6.5CVE-2024-47818Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
    from 0, < 1.0.0-beta.16
  • CVE-2026-42259Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)
    from 0, < 1.4.6