Budibase — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting Budibase. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Budibase: budibase, budibase/budibase

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41428 | Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints | budibase | CWE-287 | 9.1 | Critical | 2026-04-24 |
| CVE-2026-35218 | Budibase: Stored XSS via unsanitized entity names rendered with {@html} in Builder Command Palette | budibase | CWE-79 | 8.7 | High | 2026-04-03 |
| CVE-2026-35216 | Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step | budibase | CWE-78 | 9.1 | Critical | 2026-04-03 |
| CVE-2026-35214 | Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write | budibase | CWE-22 | 8.7 | High | 2026-04-03 |
| CVE-2026-31818 | Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist | budibase | CWE-918 | 9.6 | Critical | 2026-04-03 |
| CVE-2026-25044 | Budibase: Command Injection in Bash Automation Step | budibase | CWE-78 | 8.8 (AI) | High (AI) | 2026-04-03 |
| CVE-2026-25043 | Budibase: Unauthenticated Password Reset Endpoint Lacks Rate Limiting, Enabling Email Flooding | budibase | CWE-770 | 5.3 | Medium | 2026-04-03 |
| CVE-2026-33226 | Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview | budibase | CWE-918 | 8.7 | High | 2026-03-20 |
| CVE-2026-31816 | Budibase Universal Auth Bypass via Webhook Query Param Injection | budibase | CWE-74 | 9.1 | Critical | 2026-03-09 |
| CVE-2026-30240 | Budibase PWA ZIP Upload Path Traversal Allows Reading Arbitrary Server Files Including All Environment Secrets | budibase | CWE-22 | 9.6 | Critical | 2026-03-09 |
| CVE-2026-25045 | Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role) | budibase | CWE-862 | 8.8 (AI) | High (AI) | 2026-03-09 |
| CVE-2026-25737 | Budibase Arbitrary File Upload Leading to Multiple Critical Vulnerabilities (SSRF, Stored XSS) | budibase | CWE-602 | 8.9 | High | 2026-03-09 |
| CVE-2026-25041 | Budibase has a Command Injection in PostgreSQL Dump Command | budibase | CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-09 |
| CVE-2026-27702 | Budibase Vulnerable to Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud) | budibase | CWE-20 | 9.9 | Critical | 2026-02-25 |
| CVE-2026-25040 | Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any Role | budibase | CWE-863 | 8.8 (AI) | High (AI) | 2026-01-29 |
| CVE-2023-29010 | BudiBase Server-Side Request Forgery vulnerability | budibase | CWE-918 | 6.5 | Medium | 2023-04-06 |
| CVE-2022-3225 | Improper Control of Dynamically-Managed Code Resources in budibase/budibase | budibase/budibase | CWE-913 | 8.8 | High | 2022-09-16 |

This page lists every published CVE security advisory associated with Budibase. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.