pkg:npm/@budibase/backend-core
共 4 筆 CVECRITICAL2HIGH1MEDIUM1
✅ 檢查你的版本
所有已知漏洞
- CRITICAL9.6CVE-2026-31818Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklistfrom 0, < 3.33.4
- CRITICAL9.1CVE-2026-41428Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpointsfrom 0, <= 3.35.3
- HIGH8.1CVE-2026-42239Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeoverfrom 0, < 3.35.10
- MEDIUM4.2CVE-2026-46424Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hourfrom 0, < 3.38.2