@saltcorn/server vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-42259Medium@saltcorn/server: Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)CVE-2026-41478Critical@saltcorn/server: Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)CVE-2026-40163High@saltcorn/server: Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory readGHSA-CR3W-CW5W-H3FJCritical@saltcorn/server: Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCEGHSA-PF56-H9QF-RXQ4Medium@saltcorn/server: Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs pageCVE-2024-47818High@saltcorn/server: Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerabilityGHSA-78P3-FWCQ-62C2High@saltcorn/server: @saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters…GHSA-CFQX-F43M-VFH7Medium@saltcorn/server: @saltcorn/server arbitrary file and directory listing when accessing build mobile app resultsGHSA-277H-PX4M-62Q8Medium@saltcorn/server: @saltcorn/server arbitrary file zip read and download when downloading auto backups

Stop the waste.
Protect your environment with Kodem.