MEDIUM npm
GHSA-qhxg-623c-cfjm · CVE-2026-47379 NocoDB: Plaintext Password Comparison in Shared Views
Modified: 6/5/2026
package
npm / nocodb
pkg:npm/nocodb
MEDIUM npm
GHSA-qxwq-q265-hc44 · CVE-2026-28359 NocoDB Vulnerable to Stored Cross-site Scripting via Rich Text Field
Modified: 3/4/2026
MEDIUM npm
GHSA-r989-7g3j-wjhw · CVE-2026-53928 NocoDB: Refresh Tokens Persist Through Password Recovery
Modified: 6/17/2026
MEDIUM npm
GHSA-rcph-x7mj-54mm · CVE-2026-28397 NocoDB Vulnerable to Stored Cross-site Scripting via Comments
Modified: 3/4/2026
MEDIUM 4.3 npm
GHSA-2c5x-4jgf-88mj · CVE-2026-46548 NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)
Modified: 5/21/2026
LOW npm
GHSA-387m-j3p9-3php · CVE-2026-28358 NocoDB Vulnerable to User Enumeration via Password Reset Endpoint
Modified: 3/4/2026
MEDIUM npm
GHSA-3hmw-8mw3-rmpj · CVE-2026-24768 NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter
Modified: 2/3/2026
MEDIUM 6.5 npm
GHSA-3m5q-q39v-xf8f · CVE-2023-43794 nocodb SQL Injection vulnerability
Modified: 11/8/2023
MEDIUM npm
GHSA-45rp-9p97-h852 · CVE-2026-28399 NocoDB Vulnerable to SQL Injection via DATEADD Formula
Modified: 3/4/2026
MEDIUM npm
GHSA-4w6r-5c2j-qf5f · CVE-2026-47378 NocoDB: Hidden Column Exposure in Public Shared View Endpoints
Modified: 6/5/2026
HIGH 8.8 npm
GHSA-6293-2vg2-pmp5 · CVE-2022-2064 Insufficient Session Expiration in NocoDB
Modified: 11/8/2023
MEDIUM npm
GHSA-6mhr-74x2-98v9 · CVE-2026-53929 NocoDB: Stored Cross-Site Scripting via Secure Attachment
Modified: 6/17/2026
MEDIUM npm
GHSA-6xcx-7qmg-vjfq · CVE-2026-47376 NocoDB: Reflected Cross-Site Scripting via Password Reset Token
Modified: 6/5/2026
MEDIUM 6.5 npm
GHSA-8fxg-mr34-jqr8 · CVE-2023-50718 NocoDB SQL Injection vulnerability
Modified: 8/21/2025
MEDIUM npm
GHSA-8m7c-hf24-5g47 · CVE-2026-47386 NocoDB: OAuth Authorization Code Race Condition
Modified: 6/5/2026
LOW npm
GHSA-8rwr-f68v-cvw6 · CVE-2026-46553 NocoDB: Attachment Size Limit Bypass via Upload-by-URL
Modified: 5/21/2026
MEDIUM npm
GHSA-8vm4-g489-v3w7 · CVE-2026-28398 NocoDB Vulnerable to Stored Cross-Site Scripting via Comments and Rich Text Cells
Modified: 3/4/2026
MEDIUM 4.9 npm
GHSA-95ff-46g6-6gw9 · CVE-2026-24766 NocoDB has Prototype Pollution in Connection Test Endpoint, Leading to DoS
Modified: 2/3/2026
MEDIUM npm
GHSA-96fh-m4r8-6v9v · CVE-2026-47381 NocoDB: Cross-Workspace Integration Use in Connection Test
Modified: 6/5/2026
MEDIUM 6.5 npm
GHSA-99vc-2jx2-688p · CVE-2026-46551 NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion
Modified: 5/21/2026
MEDIUM 6.1 npm
GHSA-9qgr-6vpg-9gh9 · CVE-2026-46547 NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL
Modified: 5/21/2026
MEDIUM npm
GHSA-9wgh-m22w-9xj8 · CVE-2026-47279 NocoDB: Hidden LTAR Column Exposure in Public Shared-View Relation Endpoints
Modified: 6/5/2026
MEDIUM 5.8 npm
GHSA-chqv-vrj7-qffp · CVE-2026-46552 NocoDB: Shared-base link access can invite arbitrary users as persistent base members
Modified: 5/21/2026
MEDIUM 6.0 npm
GHSA-cxv7-gmmp-228p · CVE-2026-47375 NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`
Modified: 6/5/2026
MEDIUM 5.4 npm
GHSA-f74w-272x-mqcv · CVE-2026-46550 NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags
Modified: 5/21/2026
LOW npm
GHSA-f76x-f9vj-92jv · CVE-2026-46554 NocoDB: Stale Auth Cache After API Token Deletion
Modified: 5/21/2026
HIGH 8.8 npm
GHSA-fq4h-m3c8-8m2v · CVE-2022-2063 Improper Privilege Management in NocoDB
Modified: 11/8/2023
MEDIUM npm
GHSA-g72g-r7m4-9x4g · CVE-2026-53926 NocoDB: OAuth Tokens Persist Through Security Events
Modified: 6/12/2026
MEDIUM npm
GHSA-gprh-27j3-g5h4 · CVE-2026-53927 NocoDB: Server-Side Request Forgery via Spreadsheet Fetch URL
Modified: 6/17/2026
MEDIUM 6.5 npm
GHSA-grv6-m753-3w2g · CVE-2022-3423 NocoDB vulnerable to Denial of Service
Modified: 11/8/2023
HIGH 7.3 npm
GHSA-h6r4-xvw6-jc5h · CVE-2023-49781 NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
Modified: 8/21/2025
MEDIUM npm
GHSA-h6vv-pcq8-7xm4 · CVE-2026-53930 NocoDB: Server-Side Request Forgery via Base Migration URL
Modified: 6/17/2026
HIGH npm
GHSA-hj85-ph9q-78jg · CVE-2026-47387 NocoDB: Stored Cross-Site Scripting via Form View Redirect URL
Modified: 6/5/2026
MEDIUM npm
GHSA-hmcr-rmjq-47qr · CVE-2026-53931 NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint
Modified: 6/17/2026
MEDIUM 5.4 npm
GHSA-hv6q-5g4f-8897 · CVE-2022-2079 Cross-site Scripting in NocoDB
Modified: 11/8/2023
HIGH npm
GHSA-jf3g-4gwg-4h66 · CVE-2026-47383 NocoDB: Stored Cross-Site Scripting via Row Comments
Modified: 6/5/2026
LOW npm
GHSA-jr54-jwhj-55gp · CVE-2026-47380 NocoDB: User Enumeration via Sign-In Timing
Modified: 6/5/2026
LOW 2.0 npm
GHSA-m5qg-rvjq-727p · CVE-2026-46549 NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
Modified: 5/21/2026
LOW npm
GHSA-mpp2-x7wv-38hv · CVE-2026-28360 NocoDB has Plaintext Storage of Shared View Passwords
Modified: 3/4/2026
HIGH 7.5 npm
GHSA-mx8q-jqwm-85mv · CVE-2022-2062 NocoDB information disclosure vulnerability
Modified: 11/8/2023
MEDIUM npm
GHSA-p8wx-5f39-w3x4 · CVE-2026-47384 NocoDB: SQL Injection via Column Title in Bulk GroupBy
Modified: 6/5/2026
MEDIUM npm
GHSA-p9x3-w98f-7j3q · CVE-2026-28361 NocoDB Missing Ownership Validation in MCP Token Operations
Modified: 3/4/2026
HIGH npm
GHSA-q5c6-h22r-qpwr · CVE-2026-24769 NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload
Modified: 2/3/2026
MEDIUM 5.7 npm
GHSA-qg73-g3cf-vhhh · CVE-2023-50717 NocoDB Allows Preview of Files with Dangerous Content
Modified: 8/21/2025
MEDIUM npm
GHSA-rvp5-9p55-f5rp · CVE-2026-47377 NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin
Modified: 6/5/2026
MEDIUM npm
GHSA-vx5p-q85x-xm3c · CVE-2026-28357 NocoDB has Stored Cross-site Scripting via Formula Cell
Modified: 3/4/2026
MEDIUM npm
GHSA-w43h-r5m5-p832 · CVE-2026-47382 NocoDB: Server-Side Request Forgery via Database Connection Host
Modified: 6/5/2026
MEDIUM 6.1 npm
GHSA-wf6c-hrhf-86cw · CVE-2025-27506 NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page
Modified: 8/26/2025
MEDIUM npm
GHSA-wvqj-9wv4-7ff5 · CVE-2026-47385 NocoDB: Path Traversal via SQLite Source Filename
Modified: 6/5/2026
MEDIUM npm
GHSA-wwp2-x4rj-j8rm · CVE-2026-28401 NocoDB Vulnerable to Stored Cross-Site Scripting via Rich Text Cells
Modified: 3/4/2026
MEDIUM npm
GHSA-x4vh-j75g-268g · CVE-2026-28396 NocoDB's Refresh Tokens Not Revoked on Password Reset
Modified: 3/4/2026
MEDIUM 4.9 npm
GHSA-xr7v-j379-34v9 · CVE-2026-24767 NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality
Modified: 2/3/2026
MEDIUM 6.5 npm
GHSA-xrpm-hccg-28x7 · CVE-2023-5104 Improper Input Validation in nocodb
Modified: 11/8/2023
LOW npm
GHSA-xxpj-q764-9r6q · CVE-2026-47388 NocoDB: Missing Ownership Check in MCP Attachment Read
Modified: 6/5/2026