pkg:npm/budibase

5 total CVEsCRITICAL1HIGH3MEDIUM1

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.9CVE-2026-27702Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud)
    from 0, < 3.30.4
  • HIGH8.7CVE-2026-33226Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview
    from 0, <= 3.30.6
  • HIGH7.7CVE-2026-45061Budibase vulnerable to SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload (`/api/plugin`)
    from 0, < 3.35.10
  • HIGH7.6CVE-2026-46426Budibase: Unrestricted Upload of File with Dangerous Type
    from 0, < 3.38.2
  • MEDIUM5.4CVE-2026-45718Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows
    from 0, < 3.38.1