nocodb vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-46550 | Medium | nocodb: NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags |
| CVE-2026-46549 | Low | nocodb: NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation |
| CVE-2026-46548 | Medium | nocodb: NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams) |
| CVE-2026-46547 | Medium | nocodb: NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL |
| CVE-2026-28401 | Medium | nocodb: NocoDB Vulnerable to Stored Cross-Site Scripting via Rich Text Cells |
| CVE-2026-28397 | Medium | nocodb: NocoDB Vulnerable to Stored Cross-site Scripting via Comments |
| CVE-2026-28399 | Medium | nocodb: NocoDB Vulnerable to SQL Injection via DATEADD Formula |
| CVE-2026-28398 | Medium | nocodb: NocoDB Vulnerable to Stored Cross-Site Scripting via Comments and Rich Text Cells |
| CVE-2026-28361 | Medium | nocodb: NocoDB Missing Ownership Validation in MCP Token Operations |
| CVE-2026-28396 | Medium | nocodb: NocoDB's Refresh Tokens Not Revoked on Password Reset |
| CVE-2026-28360 | Low | nocodb: NocoDB has Plaintext Storage of Shared View Passwords |
| CVE-2026-28359 | Medium | nocodb: NocoDB Vulnerable to Stored Cross-site Scripting via Rich Text Field |
| CVE-2026-28358 | Low | nocodb: NocoDB Vulnerable to User Enumeration via Password Reset Endpoint |
| CVE-2026-28357 | Medium | nocodb: NocoDB has Stored Cross-site Scripting via Formula Cell |
| CVE-2026-24766 | Medium | nocodb: NocoDB has Prototype Pollution in Connection Test Endpoint, Leading to DoS |
| CVE-2026-24767 | Medium | nocodb: NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality |
| CVE-2026-24768 | Medium | nocodb: NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter |
| CVE-2026-24769 | High | nocodb: NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload |
| CVE-2025-27506 | Medium | nocodb: NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page |
| CVE-2023-49781 | High | nocodb: NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue |
| CVE-2023-50718 | Medium | nocodb: NocoDB SQL Injection vulnerability |
| CVE-2023-50717 | Medium | nocodb: NocoDB Allows Preview of Files with Dangerous Content |
| CVE-2023-43794 | Medium | nocodb: nocodb SQL Injection vulnerability |
| CVE-2023-5104 | Medium | nocodb: Improper Input Validation in nocodb |
| CVE-2022-3423 | Medium | nocodb: NocoDB vulnerable to Denial of Service |
