nocodb — Vulnerabilities & Security Advisories 29

Browse all 29 CVE security advisories affecting nocodb. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by nocodb: nocodb, nocodb/nocodb
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-28401 | NocoDB: Stored Cross-Site Scripting via Rich Text Cells | nocodb | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28399 | NocoDB: SQL Injection via DATEADD Formula | nocodb | CWE-89 | 8.8 (AI) | High (AI) | 2026-03-02 |
| CVE-2026-28398 | NocoDB: Stored Cross-Site Scripting via Comments and Rich Text Cells | nocodb | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28397 | NocoDB: Stored Cross-Site Scripting via Comments | nocodb | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28396 | NocoDB: Refresh Tokens Not Revoked on Password Reset | nocodb | CWE-613 | 7.1 (AI) | High (AI) | 2026-03-02 |
| CVE-2026-28361 | NocoDB: Missing Ownership Validation in MCP Token Operations | nocodb | CWE-639 | 8.3 (AI) | High (AI) | 2026-03-02 |
| CVE-2026-28360 | NocoDB: Plaintext Storage of Shared View Passwords | nocodb | CWE-256 | 6.5 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28359 | NocoDB: Stored Cross-Site Scripting via Rich Text Field | nocodb | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28358 | NocoDB: User Enumeration via Password Reset Endpoint | nocodb | CWE-204 | 5.3 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28357 | NocoDB: Stored Cross-Site Scripting via Formula Cell | nocodb | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-24769 | NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload | nocodb | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-01-28 |
| CVE-2026-24768 | NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter | nocodb | CWE-601 | 6.1 (AI) | Medium (AI) | 2026-01-28 |
| CVE-2026-24767 | NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality | nocodb | CWE-918 | 4.9 | Medium | 2026-01-28 |
| CVE-2026-24766 | NocoDB Vulnerable to Prototype Pollution in Connection Test Endpoint, Leading to DoS | nocodb | CWE-1321 | 4.9 | Medium | 2026-01-28 |
| CVE-2025-27506 | NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page | nocodb | CWE-79 | 5.4 | Medium | 2025-03-06 |
| CVE-2023-49781 | NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue | nocodb | CWE-79 | 7.3 | High | 2024-05-13 |
| CVE-2023-50718 | NocoDB SQL Injection vulnerability | nocodb | CWE-89 | 6.5 | Medium | 2024-05-13 |
| CVE-2023-50717 | NocoDB Allows Preview of File with Dangerous Content | nocodb | CWE-434 | 5.7 | Medium | 2024-05-13 |
| CVE-2023-43794 | SQL Injection in nocodb | nocodb | CWE-89 | 6.5 | Medium | 2023-10-17 |
| CVE-2023-5104 | Improper Input Validation in nocodb/nocodb | nocodb/nocodb | CWE-20 | 9.8 | - | 2023-09-21 |
| CVE-2022-3423 | Allocation of Resources Without Limits or Throttling in nocodb/nocodb | nocodb/nocodb | CWE-770 | 7.3 | High | 2022-10-07 |
| CVE-2022-2339 | Server-Side Request Forgery (SSRF) in nocodb/nocodb | nocodb/nocodb | CWE-918 | 6.5 | - | 2022-07-07 |
| CVE-2022-2079 | Cross-site Scripting (XSS) - Stored in nocodb/nocodb | nocodb/nocodb | CWE-79 | 5.4 | - | 2022-06-14 |
| CVE-2022-2064 | Insufficient Session Expiration in nocodb/nocodb | nocodb/nocodb | CWE-613 | 9.8 | - | 2022-06-13 |
| CVE-2022-2063 | Improper Privilege Management in nocodb/nocodb | nocodb/nocodb | CWE-269 | 8.8 | - | 2022-06-13 |
| CVE-2022-2062 | Generation of Error Message Containing Sensitive Information in nocodb/nocodb | nocodb/nocodb | CWE-209 | 7.5 | - | 2022-06-13 |
| CVE-2022-2022 | Cross-site Scripting (XSS) - Stored in nocodb/nocodb | nocodb/nocodb | CWE-79 | 5.4 | - | 2022-06-07 |
| CVE-2022-22121 | NocoDB - CSV Injection in User Management | nocodb | CWE-1236 | 8.0 | High | 2022-01-10 |
| CVE-2022-22120 | NocoDB - Observable Discrepancy in the password-reset feature | nocodb | CWE-203 | 5.3 | Medium | 2022-01-10 |

This page lists every published CVE security advisory associated with nocodb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.