Nocodb Security Vulnerabilities


CVE-2023-50717

NocoDB is software for building databases as spreadsheets. Starting in version 0.202.6 and prior to version 0.202.10, an attacker can upload an HTML file with malicious content. If a user tries to open that file in a browser, malicious scripts can be executed, leading to a stored cross-site scripting attack....

5.7 CVSS

6 AI Score

0.0004 EPSS

2024-05-14 02:17 PM
28

CVE-2023-49781

NocoDB is software for building databases as spreadsheets. Prior to 0.202.9, a stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are...

7.3 CVSS

5.7 AI Score

0.0004 EPSS

2024-05-14 02:06 PM
20

CVE-2023-50718

NocoDB is software for building databases as spreadsheets. Prior to version 0.202.10, an authenticated attacker with create access could conduct a SQL Injection attack on MySQL DB using unescaped table_name. This vulnerability may result in leakage of sensitive data in the database. Version...

6.5 CVSS

6.6 AI Score

0.0004 EPSS

2024-05-14 02:17 PM
33

CVE-2023-43794

Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...

6.5 CVSS

5.3 AI Score

0.001 EPSS

2023-10-17 09:15 PM
41

CVE-2023-5104

Improper Input Validation in GitHub repository nocodb/nocodb prior to...

6.5 CVSS

5.9 AI Score

0.0005 EPSS

2023-09-21 09:15 AM
80

CVE-2022-3423

Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to...

7.3 CVSS

6.4 AI Score

0.001 EPSS

2022-10-07 11:15 AM
44
6

CVE-2023-35843

NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the...

7.5 CVSS

7.5 AI Score

0.056 EPSS

2023-06-19 06:15 PM
15

CVE-2022-2062

Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2022-06-13 12:15 PM
27
4

CVE-2022-2339

With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read its contents. This attack can lead to a leak of sensitive...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2022-07-07 04:15 AM
39
12

CVE-2022-2079

Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2022-06-14 09:15 AM
40
6

CVE-2022-2064

Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2022-06-13 12:15 PM
35
4

CVE-2022-2063

Improper Privilege Management in GitHub repository nocodb/nocodb prior to...

8.8 CVSS

8.7 AI Score

0.002 EPSS

2022-06-13 12:15 PM
36
5

CVE-2022-2022

Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2022-06-07 08:15 PM
52
5

CVE-2022-22120

In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the.....

5.3 CVSS

5.3 AI Score

0.001 EPSS

2022-01-10 04:15 PM
28

CVE-2022-22121

In NocoDB, versions 0.81.0 through 0.83.8 are affected by a CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens....

8 CVSS

7.7 AI Score

0.001 EPSS

2022-01-10 04:15 PM
37