26 matches found
CVE-2026-47385
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permission can attach a SQLite source pointing at an arbitrary file on the NocoDB host, including NocoDB's own internal databases. The SQLite client and the base/integration creat...
CVE-2026-47386
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid accesstoken, refreshtoken pair, breaking the single-use guarantee that PKCE relies on. This vulnerability ...
CVE-2026-46553 NocoDB: Attachment Size Limit Bypass via Upload-by-URL
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NCATTACHMENTFIELDSIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured...
CVE-2026-46551 NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NCATTACHMENTFIELDSIZE against the remote content-length or against the response stream. An authenticated user Editor+ could direct the server to downloa...
CVE-2026-47279
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on t...
CVE-2026-47384
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. The bulk groupBy path in group-by.ts builds three database-specific...
CVE-2026-47385 NocoDB: Path Traversal via SQLite Source Filename
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permission can attach a SQLite source pointing at an arbitrary file on the NocoDB host, including NocoDB's own internal databases. The SQLite client and the base/integration creat...
Server-side Request Forgery (SSRF)
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the connection-test endpoint. An authenticated attacker can access internal network resources by supplying a crafted database host value when testing database connections...
User Impersonation
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to User Impersonation via the testConnection endpoint when the integration is fetched in a bypass scope and permission checks are insufficiently scoped to the integration's workspace. An attacker can gain unauthorized...
Insufficient Session Expiration
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Insufficient Session Expiration through the ApiToken delete path in the token management code. An attacker can keep using a deleted API token by deleting it while the cache entry remains keyed under the token value,...
Authorization Bypass Through User-Controlled Key
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the McpTokenService.get, regenerateToken, and delete functions due to missing ownership validation for MCP tokens. An attacker with Creator role privileges can...
CVE-2026-28401 NocoDB: Stored Cross-Site Scripting via Rich Text Cells
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via v-html without sanitization enables stored XSS. This issue has been patched in version 0.301.3...
Server-side Request Forgery (SSRF)
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the uploadViaURL function in the attachments.service.ts file. An attacker can trigger outbound requests to arbitrary URLs by supplying crafted input to the process before validatio...
NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload
Summary A stored Cross-site Scripting XSS vulnerability exists in NocoDB’s attachment handling mechanism. Authenticated users can upload malicious SVG files containing embedded JavaScript, which are later rendered inline and executed in the browsers of other users who view the attachment. Because...
EUVD-2026-4870
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect open redirect vulnerability exists in NocoDB’s login flow due to missing validation of the continueAfterSignIn parameter. During authentication, NocoDB processes a user-controlled redirect...
CVE-2026-24766
NocoDB prior to 0.301.0 is affected by a prototype pollution in /api/v2/meta/connection/test. An authenticated user with org-level-creator permissions can trigger pollution that causes all database write operations to fail until the server is restarted. The issue bypasses SUPER_ADMIN checks but c...
EUVD-2022-27270
Malicious code in bioql PyPI...
EUVD-2022-6040
Malicious code in bioql PyPI...
EUVD-2024-1743
Malicious code in bioql PyPI...
EUVD-2023-2630
Malicious code in bioql PyPI...