nocodb — Vulnerabilities & Security Advisories (21)

All 21 CVE vulnerabilities found in nocodb, with AI-generated Chinese analysis, references, and POCs.

Vendor: nocodb

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-28401 | NocoDB: Stored Cross-Site Scripting via Rich Text Cells | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28399 | NocoDB: SQL Injection via DATEADD Formula | CWE-89 | 8.8 (AI) | High (AI) | 2026-03-02 |
| CVE-2026-28398 | NocoDB: Stored Cross-Site Scripting via Comments and Rich Text Cells | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28397 | NocoDB: Stored Cross-Site Scripting via Comments | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28396 | NocoDB: Refresh Tokens Not Revoked on Password Reset | CWE-613 | 7.1 (AI) | High (AI) | 2026-03-02 |
| CVE-2026-28361 | NocoDB: Missing Ownership Validation in MCP Token Operations | CWE-639 | 8.3 (AI) | High (AI) | 2026-03-02 |
| CVE-2026-28360 | NocoDB: Plaintext Storage of Shared View Passwords | CWE-256 | 6.5 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28359 | NocoDB: Stored Cross-Site Scripting via Rich Text Field | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28358 | NocoDB: User Enumeration via Password Reset Endpoint | CWE-204 | 5.3 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28357 | NocoDB: Stored Cross-Site Scripting via Formula Cell | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-24769 | NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-01-28 |
| CVE-2026-24768 | NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter | CWE-601 | 6.1 (AI) | Medium (AI) | 2026-01-28 |
| CVE-2026-24767 | NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality | CWE-918 | 4.9 | Medium | 2026-01-28 |
| CVE-2026-24766 | NocoDB Vulnerable to Prototype Pollution in Connection Test Endpoint, Leading to DoS | CWE-1321 | 4.9 | Medium | 2026-01-28 |
| CVE-2025-27506 | NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page | CWE-79 | 5.4 | Medium | 2025-03-06 |
| CVE-2023-49781 | NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue | CWE-79 | 7.3 | High | 2024-05-13 |
| CVE-2023-50718 | NocoDB SQL Injection vulnerability | CWE-89 | 6.5 | Medium | 2024-05-13 |
| CVE-2023-50717 | NocoDB Allows Preview of File with Dangerous Content | CWE-434 | 5.7 | Medium | 2024-05-13 |
| CVE-2023-43794 | SQL Injection in nocodb | CWE-89 | 6.5 | Medium | 2023-10-17 |
| CVE-2022-22121 | NocoDB - CSV Injection in User Management | CWE-1236 | 8.0 | High | 2022-01-10 |
| CVE-2022-22120 | NocoDB - Observable Discrepancy in the password-reset feature | CWE-203 | 5.3 | Medium | 2022-01-10 |

All 21 known CVE vulnerabilities affecting nocodb with full Chinese analysis, references, and POCs where available.