pkg:npm/nocodb

33 CVEs in total: HIGH 4, MEDIUM 14, LOW 1

All known vulnerabilities

  • HIGH 8.8 CVE-2022-2064 Insufficient Session Expiration in NocoDB
    from 0, < 0.91.9
  • HIGH 8.8 CVE-2022-2063 Improper Privilege Management in NocoDB
    from 0, < 0.91.8
  • HIGH 7.5 CVE-2022-2062 NocoDB information disclosure vulnerability
    from 0, < 0.91.7
  • HIGH 7.3 CVE-2023-49781 NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
    from 0, < 0.202.9
  • MEDIUM 6.5 CVE-2026-46551 NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion
    from 0, <= 0.301.3
  • MEDIUM 6.5 CVE-2023-50718 NocoDB SQL Injection vulnerability
    from 0, < 0.202.10
  • MEDIUM 6.5 CVE-2023-43794 nocodb SQL Injection vulnerability
    from 0, < 0.111.0
  • MEDIUM 6.5 CVE-2023-5104 Improper Input Validation in nocodb
    from 0, < 0.96.0
  • MEDIUM 6.5 CVE-2022-3423 NocoDB vulnerable to Denial of Service
    from 0, < 0.92.0
  • MEDIUM 6.1 CVE-2026-46547 NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL
    from 0, <= 0.301.3
  • MEDIUM 6.1 CVE-2025-27506 NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page
    from 0, < 0.258.0
  • MEDIUM 5.8 CVE-2026-46552 NocoDB: Shared-base link access can invite arbitrary users as persistent base members
    from 0, <= 0.301.3
  • MEDIUM 5.7 CVE-2023-50717 NocoDB Allows Preview of Files with Dangerous Content
    >= 0.202.6, < 0.202.10
  • MEDIUM 5.4 CVE-2026-46550 NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags
    from 0, <= 0.301.3
  • MEDIUM 5.4 CVE-2022-2079 Cross-site Scripting in NocoDB
    from 0, < 0.91.9
  • MEDIUM 4.9 CVE-2026-24766 NocoDB has Prototype Pollution in Connection Test Endpoint, Leading to DoS
    from 0, < 0.301.0
  • MEDIUM 4.9 CVE-2026-24767 NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality
    from 0, < 0.301.0
  • MEDIUM 4.3 CVE-2026-46548 NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)
    from 0, <= 0.301.3
  • LOW 2.0 CVE-2026-46549 NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
    from 0, <= 0.301.3
  • CVE-2026-46554 NocoDB: Stale Auth Cache After API Token Deletion
    from 0, <= 0.301.3
  • CVE-2026-46553 NocoDB: Attachment Size Limit Bypass via Upload-by-URL
    from 0, <= 0.301.3
  • CVE-2026-28401 NocoDB Vulnerable to Stored Cross-Site Scripting via Rich Text Cells
    from 0, < 0.301.3
  • CVE-2026-28397 NocoDB Vulnerable to Stored Cross-site Scripting via Comments
    from 0, < 0.301.3
  • CVE-2026-28399 NocoDB Vulnerable to SQL Injection via DATEADD Formula
    from 0, < 0.301.3
  • CVE-2026-28398 NocoDB Vulnerable to Stored Cross-Site Scripting via Comments and Rich Text Cells
    from 0, < 0.301.3
  • CVE-2026-28361 NocoDB Missing Ownership Validation in MCP Token Operations
    from 0, < 0.301.3
  • CVE-2026-28396 NocoDB's Refresh Tokens Not Revoked on Password Reset
    from 0, < 0.301.3
  • CVE-2026-28360 NocoDB has Plaintext Storage of Shared View Passwords
    from 0, < 0.301.3
  • CVE-2026-28359 NocoDB Vulnerable to Stored Cross-site Scripting via Rich Text Field
    from 0, < 0.301.3
  • CVE-2026-28358 NocoDB Vulnerable to User Enumeration via Password Reset Endpoint
    from 0, < 0.301.3
  • CVE-2026-28357 NocoDB has Stored Cross-site Scripting via Formula Cell
    from 0, < 0.301.3
  • CVE-2026-24768 NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter
    from 0, < 0.301.0
  • CVE-2026-24769 NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload
    from 0, < 0.301.0