@cubejs-backend/server (>=1.5.0 <=1.5.12), @cubejs-backend/server-core (>=1.5.0 <=1.5.12) +1 more potentially affected by CVE-2026-25957 via @cubejs-backend/api-gateway (>=1.5.0 <=1.5.12)

@cubejs-backend/api-gateway NPM version =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.12 Source cves: CVE-2026-25957 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265448...

Cube.js Input Validation Error Vulnerability

Cube.js is an open source analytics API platform open sourced from Cube.js in the United States. An input validation error vulnerability exists in versions of Cube.js prior to 0.34.34, which stems from the fact that it is possible to cause a denial of service by submitting a specially crafted...

CVE-2022-23510 SQl injection in cube-js

cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade ...

Default Express middleware security check is ignored in production

Default Express middleware security check is ignored in production Impact All Cube.js deployments that use affected versions of @cubejs-backend/api-gateway with default express authentication middleware in production environment are affected. Patches @cubejs-backend/[email protected] Workaround...

GHSA-4J6X-W426-6RC6 Default Express middleware security check is ignored in production

Default Express middleware security check is ignored in production Impact All Cube.js deployments that use affected versions of @cubejs-backend/api-gateway with default express authentication middleware in production environment are affected. Patches @cubejs-backend/[email protected] Workaround...