nocodb vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

CVE-ID | Severity | Package summary
CVE-2026-53931 | Medium | nocodb: NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint
CVE-2026-53930 | Medium | nocodb: NocoDB: Server-Side Request Forgery via Base Migration URL
CVE-2026-53929 | Medium | nocodb: NocoDB: Stored Cross-Site Scripting via Secure Attachment
CVE-2026-53928 | Medium | nocodb: NocoDB: Refresh Tokens Persist Through Password Recovery
CVE-2026-53927 | Medium | nocodb: NocoDB: Server-Side Request Forgery via Spreadsheet Fetch URL
CVE-2026-53926 | Medium | nocodb: NocoDB: OAuth Tokens Persist Through Security Events
CVE-2026-47388 | Low | nocodb: NocoDB: Missing Ownership Check in MCP Attachment Read
CVE-2026-47387 | High | nocodb: NocoDB: Stored Cross-Site Scripting via Form View Redirect URL
CVE-2026-47386 | Medium | nocodb: NocoDB: OAuth Authorization Code Race Condition
CVE-2026-47385 | Medium | nocodb: NocoDB: Path Traversal via SQLite Source Filename
CVE-2026-47384 | Medium | nocodb: NocoDB: SQL Injection via Column Title in Bulk GroupBy
CVE-2026-47383 | High | nocodb: NocoDB: Stored Cross-Site Scripting via Row Comments
CVE-2026-47382 | Medium | nocodb: NocoDB: Server-Side Request Forgery via Database Connection Host
CVE-2026-47381 | Medium | nocodb: NocoDB: Cross-Workspace Integration Use in Connection Test
CVE-2026-47380 | Low | nocodb: NocoDB: User Enumeration via Sign-In Timing
CVE-2026-47379 | Medium | nocodb: NocoDB: Plaintext Password Comparison in Shared Views
CVE-2026-47378 | Medium | nocodb: NocoDB: Hidden Column Exposure in Public Shared View Endpoints
CVE-2026-47377 | Medium | nocodb: NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin
CVE-2026-47376 | Medium | nocodb: NocoDB: Reflected Cross-Site Scripting via Password Reset Token
CVE-2026-47375 | Medium | nocodb: NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`
CVE-2026-47279 | Medium | nocodb: NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints
CVE-2026-46554 | Low | nocodb: NocoDB: Stale Auth Cache After API Token Deletion
CVE-2026-46553 | Low | nocodb: NocoDB: Attachment Size Limit Bypass via Upload-by-URL
CVE-2026-46552 | Medium | nocodb: NocoDB: Shared-base link access can invite arbitrary users as persistent base members
CVE-2026-46551 | Medium | nocodb: NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion
