Lucene search
K

21 matches found

OSV
OSV
added 2026/04/22 2:31 p.m.11 views

GHSA-9237-RG5P-RHFW @saltcorn/data: Tenant user role is used for tenant creation role check

Summary When a tenant admin is logged out of the root domain e.g., saltcorn.com but logged in to their own tenant space as admin, they can simply append /tenant/create to their tenant URL. The system reads the role from the tenant context admin, and a new tenant is created on the root domain in...

8.7CVSS5.8AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/22 2:31 p.m.22 views

@saltcorn/admin-models (>=1.5.0 <=1.5.0-rc.2), @saltcorn/base-plugin (>=1.5.0 <=1.5.0-rc.2) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.5.0-beta.0 <=1.5.0)

@saltcorn/data NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0-rc.2 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-16318351...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/22 2:31 p.m.7 views

@saltcorn/admin-models (>=1.6.0-alpha.0 <=1.6.0-alpha.17), @saltcorn/base-plugin (>=1.6.0-alpha.0 <=1.6.0-alpha.17) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.6.0-alpha.0 <=1.6.0-alpha.9)

@saltcorn/data NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.17 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-16318351...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/22 2:31 p.m.7 views

@saltcorn/admin-models (>=1.0.0 <=1.4.3), @saltcorn/base-plugin (>=1.0.0 <=1.4.3) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.0.0-beta.0 <=1.4.3)

@saltcorn/data NPM version =1.0.0-beta.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.4.3 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-16318351...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/22 2:31 p.m.6 views

@christianhugo/mobile-builder (>=0.7.3-beta.3 <=0.7.4-beta.9), @christianhugoch/cli (>=0.7.2-beta.12 <=0.7.2-beta.13) +95 more potentially affected by unknown CVE via @saltcorn/data (>=0.0.2 <=1.4.3)

@saltcorn/data NPM version =0.0.2, =0.7.3-beta.3, =0.7.2-beta.12, =0.1.0, =0.0.1, =1.0.0, =0.1.4, =0.6.4, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.0.2, =1.4.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-9237-RG5P-RHFW...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/22 2:31 p.m.30 views

@saltcorn/admin-models (>=1.5.0 <=1.5.0-rc.2), @saltcorn/base-plugin (>=1.5.0 <=1.5.0-rc.2) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.5.0-beta.0 <=1.5.0)

@saltcorn/data NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0-rc.2 Source cves: unknown CVE Source advisory: OSV:GHSA-9237-RG5P-RHFW...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 10:51 p.m.6 views

@saltcorn/admin-models (>=1.0.0 <=1.4.5), @saltcorn/base-plugin (>=1.0.0 <=1.4.5) +5 more potentially affected by CVE-2026-41478 via @saltcorn/data (>=1.0.0-beta.0 <=1.4.5)

@saltcorn/data NPM version =1.0.0-beta.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.4.5 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNDATA-16110991...

9.9CVSS5.8AI score0.00264EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 10:51 p.m.6 views

@saltcorn/admin-models (>=1.5.0 <=1.5.5-beta.0), @saltcorn/base-plugin (>=1.5.0 <=1.5.5-beta.0) +5 more potentially affected by CVE-2026-41478 via @saltcorn/data (>=1.5.0-beta.0 <=1.5.5)

@saltcorn/data NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.5-beta.0 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNDATA-16110991...

9.9CVSS5.8AI score0.00264EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/16 10:51 p.m.6 views

@saltcorn/admin-models (>=1.6.0-alpha.0 <=1.6.0-beta.14), @saltcorn/base-plugin (>=1.6.0-alpha.0 <=1.6.0-beta.14) +5 more potentially affected by CVE-2026-41478 via @saltcorn/data (>=1.6.0-alpha.0 <=1.6.0-beta.4)

@saltcorn/data NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.14 Source cves: CVE-2026-41478 Source advisory: SNYK:JS-SALTCORNDATA-16110991...

9.9CVSS5.7AI score0.00264EPSS
Exploits0
Snyk
Snyk
added 2026/04/16 10:51 p.m.5 views

SQL Injection

Overview @saltcorn/data is a Data models for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to SQL Injection via the getSyncRows and getDelRows functions. An attacker can execute arbitrary SQL commands, exfiltrate sensitive data, modify or delete database...

9.9CVSS6.1AI score0.00264EPSS
Exploits0References2
OSV
OSV
added 2026/04/10 7:30 p.m.1 views

GHSA-59XV-588H-2VMM @saltcorn/data vulnerable to SQL Injection via jsexprToSQL Literal Handler

Summary The jsexprToSQL function in Saltcorn converts JavaScript expressions to SQL for use in database constraints. The Literal handler wraps string values in single quotes without escaping embedded single quotes, allowing SQL injection when creating Formula-type table constraints. Vulnerable...

6AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/10 7:30 p.m.6 views

@christianhugo/mobile-builder (>=0.7.3-beta.3 <=0.7.4-beta.9), @christianhugoch/cli (>=0.7.2-beta.12 <=0.7.2-beta.13) +95 more potentially affected by unknown CVE via @saltcorn/data (>=0.0.2 <=1.4.4)

@saltcorn/data NPM version =0.0.2, =0.7.3-beta.3, =0.7.2-beta.12, =0.1.0, =0.0.1, =1.0.0, =0.1.4, =0.6.4, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.0.2, =1.4.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-59XV-588H-2VMM...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/10 7:30 p.m.6 views

@saltcorn/admin-models (>=1.0.0 <=1.4.3), @saltcorn/base-plugin (>=1.0.0 <=1.4.3) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.0.0-beta.0 <=1.4.3)

@saltcorn/data NPM version =1.0.0-beta.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.4.3 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-15991555...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/10 7:30 p.m.6 views

@saltcorn/admin-models (>=1.6.0-alpha.0 <=1.6.0-beta.14), @saltcorn/base-plugin (>=1.6.0-alpha.0 <=1.6.0-beta.14) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.6.0-alpha.0 <=1.6.0-beta.3)

@saltcorn/data NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.14 Source cves: unknown CVE Source advisory: OSV:GHSA-59XV-588H-2VMM...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/10 7:30 p.m.7 views

@saltcorn/admin-models (>=1.6.0-alpha.0 <=1.6.0-alpha.17), @saltcorn/base-plugin (>=1.6.0-alpha.0 <=1.6.0-alpha.17) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.6.0-alpha.0 <=1.6.0-alpha.9)

@saltcorn/data NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.17 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-15991555...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/10 7:30 p.m.12 views

@saltcorn/admin-models (>=1.5.0 <=1.5.5-beta.0), @saltcorn/base-plugin (>=1.5.0 <=1.5.5-beta.0) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.5.0 <=1.5.5-beta.0)

@saltcorn/data NPM version =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.5-beta.0 Source cves: unknown CVE Source advisory: OSV:GHSA-59XV-588H-2VMM...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/10 7:30 p.m.9 views

@saltcorn/admin-models (>=1.5.0 <=1.5.0-rc.2), @saltcorn/base-plugin (>=1.5.0 <=1.5.0-rc.2) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.5.0-beta.0 <=1.5.0)

@saltcorn/data NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0-rc.2 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-15991555...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/04/10 7:30 p.m.3 views

SQL Injection

Overview @saltcorn/data is a Data models for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to SQL Injection via the Literal function. An attacker can execute arbitrary SQL commands, manipulate database schema, or exfiltrate data by injecting crafted input...

8.8CVSS6.2AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/01/26 11:34 p.m.6 views

@saltcorn/admin-models (>=1.5.0-beta.0 <=1.5.0-beta.18), @saltcorn/base-plugin (>=1.5.0-beta.0 <=1.5.0-beta.18) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.5.0-beta.0 <=1.5.0-beta.18)

@saltcorn/data NPM version =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.18 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-15126137...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/26 11:34 p.m.5 views

@saltcorn/admin-models (>=1.1.1 <=1.4.1-beta.3), @saltcorn/base-plugin (>=1.1.1 <=1.4.1-beta.3) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.1.1 <=1.4.1)

@saltcorn/data NPM version =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.4.1-beta.3 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-15126137...

5.8AI score
Exploits0
Rows per page
Query Builder