Lucene search
K

428 matches found

CVE
CVE
added 2026/06/23 7:41 p.m.14 views

CVE-2026-53931

NocoDB: Server-Side Request Forgery via the spreadsheet-import endpoint (axiosRequestMake) allowed unauthenticated use as a generic HTTP proxy prior to 2026.05.1, enabling potentially unintended requests to internal destinations. The issue is fixed in 2026.05.1. The GHSA/OSV/PT-Security disclosur...

6.9CVSS5.9AI score0.00295EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/17 2:8 p.m.4 views

NPM: NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint

NPM: NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

6.9CVSS5.8AI score0.00295EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:8 p.m.4 views

NPM: NocoDB: Server-Side Request Forgery via Base Migration URL

NPM: NocoDB: Server-Side Request Forgery via Base Migration URL vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

5.1CVSS5.8AI score0.00288EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:7 p.m.4 views

NPM: NocoDB: Stored Cross-Site Scripting via Secure Attachment

NPM: NocoDB: Stored Cross-Site Scripting via Secure Attachment vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

5.1CVSS5.8AI score0.00288EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:7 p.m.5 views

NPM: NocoDB: Refresh Tokens Persist Through Password Recovery

NPM: NocoDB: Refresh Tokens Persist Through Password Recovery vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

6.3CVSS5.8AI score0.00242EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/17 2:6 p.m.6 views

NPM: NocoDB: Server-Side Request Forgery via Spreadsheet Fetch URL

NPM: NocoDB: Server-Side Request Forgery via Spreadsheet Fetch URL vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

5.1CVSS5.8AI score0.00282EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 2:6 p.m.11 views

NocoDB: Server-Side Request Forgery via Spreadsheet Fetch URL

Summary The spreadsheet-fetch endpoint axiosRequestMake accepted URLs whose path contained a permitted extension anywhere in the string, and applied a hand-rolled regex blocklist that omitted 127.0.0.0/8 and 169.254.0.0/16, allowing the cloud-metadata endpoint to be reached with a crafted URL...

5.1CVSS5.3AI score0.00282EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/05 4:43 p.m.6 views

Insufficient Session Expiration

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to revoke OAuth tokens in the revokeAllOAuthTokensByUser process after password change, reset, or recovery. An attacker can maintain unauthorized access by continuing...

6.3CVSS5.4AI score0.00295EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 4:43 p.m.13 views

GHSA-G72G-R7M4-9X4G NocoDB: OAuth Tokens Persist Through Security Events

Summary OAuth access and refresh tokens were not revoked when the user changed, reset, or recovered their password, leaving an attacker-issued OAuth grant valid after the user believed they had locked the attacker out. Details revokeAllOAuthTokensByUser in the users service was an empty stub bein...

6.3CVSS5.5AI score0.00295EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/05 4:22 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the readAttachment tool. An attacker can access files in the shared storage belonging to other users by supplying a known attachment path and a valid MCP token...

3.5CVSS5.3AI score0.00209EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 4:22 p.m.8 views

GHSA-XXPJ-Q764-9R6Q NocoDB: Missing Ownership Check in MCP Attachment Read

Summary A low-privilege MCP token holder with knowledge of an attachment path could read any file in shared storage, including attachments belonging to other bases and workspaces, because the MCP readAttachment tool did not verify the file's ownership. Details The MCP readAttachment tool accepts...

2.3CVSS5.5AI score0.00209EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/05 4:20 p.m.16 views

NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

Summary The shared form-view submit handler in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A user with editor role or above on any base can plant a javascript: URL in the form's redirecturl; when an authenticated view...

8.4CVSS5.8AI score0.00234EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/05 4:20 p.m.6 views

Race Condition

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Race Condition through a race condition in the OAuth token exchange. An attacker can obtain multiple valid token pairs by making concurrent requests using the same authorization code and PKCE verifier. Remediation...

6.3CVSS5.4AI score0.00197EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/05 4:20 p.m.6 views

Directory Traversal

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Directory Traversal in the process that handles SQLite source filenames. An attacker can gain unauthorized access to or modify internal application data by supplying a crafted filename that points to arbitrary files...

5.4CVSS6.1AI score0.00324EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 4:20 p.m.7 views

GHSA-WVQJ-9WV4-7FF5 NocoDB: Path Traversal via SQLite Source Filename

Summary An authenticated user with base-create permission can attach a SQLite source pointing at an arbitrary file on the NocoDB host, including NocoDB's own internal databases. Details The SQLite client and the base/integration create services accepted a caller-supplied filename and passed it to...

5.3CVSS5.6AI score0.00324EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/05 4:19 p.m.5 views

SQL Injection

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to SQL Injection via the bulk groupBy. An authenticated attacker can execute arbitrary SQL commands by setting a column's title to a crafted SQL fragment, which is then interpolated into a database query without proper...

8.8CVSS6.2AI score0.00306EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 4:19 p.m.7 views

GHSA-JF3G-4GWG-4H66 NocoDB: Stored Cross-Site Scripting via Row Comments

Summary An authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. Details The comment write paths persisted the raw comment body with no server-side sanitisation; the expanded-form sidebar then rendered...

7.4CVSS5.5AI score0.00288EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/05 4:19 p.m.7 views

Server-side Request Forgery (SSRF)

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the connection-test endpoint. An authenticated attacker can access internal network resources by supplying a crafted database host value when testing database connections...

5.3CVSS5.3AI score0.00207EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 4:19 p.m.10 views

GHSA-W43H-R5M5-P832 NocoDB: Server-Side Request Forgery via Database Connection Host

Summary The connection-test endpoint opened a raw TCP socket to the user-supplied database host without resolving and range-checking the destination, so private and link-local addresses including IPv4-mapped IPv6 forms and localhost reached the driver. Details A new validateDbConnectionHost helpe...

5.3CVSS5.5AI score0.00207EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/05 4:4 p.m.7 views

User Impersonation

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to User Impersonation via the testConnection endpoint when the integration is fetched in a bypass scope and permission checks are insufficiently scoped to the integration's workspace. An attacker can gain unauthorized...

6.9CVSS5.4AI score0.00313EPSS
Exploits0References2
Rows per page
Query Builder