nocodb
Cloud & SaaSoss-project
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting nocodb.
- CVE-2026-46547NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL6.1
- CVE-2026-46548NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)4.3
- CVE-2026-46549NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation2.0
- CVE-2026-46550NocoDB: Refresh Token Cookie Set Without `Secure` and `SameSite` Flags5.4
- CVE-2026-46552NocoDB: Shared-base link access can invite arbitrary users as persistent base members5.8
- CVE-2026-47375NocoDB: Postgres SQL Injection in Formula `ARRAYSORT`6.0
- CVE-2026-46551NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion6.5
- CVE-2026-28401NocoDB: Stored Cross-Site Scripting via Rich Text Cells5.4
- CVE-2026-28399NocoDB: SQL Injection via DATEADD Formula8.8
- CVE-2026-28398NocoDB: Stored Cross-Site Scripting via Comments and Rich Text Cells5.4
- CVE-2026-28397NocoDB: Stored Cross-Site Scripting via Comments5.4
- CVE-2026-28396NocoDB: Refresh Tokens Not Revoked on Password Reset6.5
- CVE-2026-28361NocoDB: Missing Ownership Validation in MCP Token Operations6.3
- CVE-2026-28360NocoDB: Plaintext Storage of Shared View Passwords5.3
- CVE-2026-28359NocoDB: Stored Cross-Site Scripting via Rich Text Field5.4