Security Advisories for @budibase/server in npm
High
10 days ago
Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL
npm
@budibase/server
High
10 days ago
Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema
npm
@budibase/server
Critical
10 days ago
Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign
npm
@budibase/server
Moderate
10 days ago
Budibase: Unvalidated VectorDB Host Parameter Enables SSRF
npm
@budibase/server
High
10 days ago
Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection
npm
@budibase/server
Moderate
about 1 month ago
Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API
npm
@budibase/server
High
about 1 month ago
Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration
npm
@budibase/server
High
about 1 month ago
Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation
npm
@budibase/server
Critical
3 months ago
Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step
npm
@budibase/server
High
3 months ago
Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write
npm
@budibase/server
High
3 months ago
@budibase/server: Command Injection in PostgreSQL Dump Command
npm
@budibase/server
Critical
over 2 years ago
Budibase affected by VM2 Constructor Escape Vulnerability
npm
@budibase/server
Potential
Moderate
almost 4 years ago
Budibase Improper Control of Dynamically-Managed Code Resources vulnerability
npm
@budibase/bbui, @budibase/builder, @budibase/worker