Vuln
·
Scope
Home
Packages
KEV
Critical
Insights
Jobs
Pricing
EN
中
Loading…
npm/budibase — 6 CVEs · VulnScope
pkg:npm/
budibase
6 total CVEs
CRITICAL
1
HIGH
3
MEDIUM
1
✅ Check your installed version
Check
All known vulnerabilities
CRITICAL
9.9
CVE-2026-27702
Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud)
from 0, < 3.30.4
HIGH
8.7
CVE-2026-33226
Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview
from 0, <= 3.30.6
HIGH
7.7
CVE-2026-45061
Budibase vulnerable to SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload (`/api/plugin`)
from 0, < 3.35.10
HIGH
7.6
Budibase: Unrestricted Upload of File with Dangerous Type
from 0, < 3.38.2
MEDIUM
5.4
Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows
from 0, < 3.38.1
—
Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step
from 0, < 3.39.0
CVE-2026-46426
CVE-2026-45718
CVE-2026-48128