Browse all 6 CVE security advisories affecting nocobase. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Nocobase is an open-source low-code platform enabling application development and workflow automation through visual interfaces. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its six recorded CVEs. These vulnerabilities often stem from improper input validation and insufficient access controls in its API endpoints and frontend components. While no major public security incidents have been widely reported, the consistent pattern of critical vulnerabilities in its CVE history suggests potential risks for organizations deploying Nocobase without rigorous hardening and regular security updates.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-6224 | nocobase plugin-workflow-javascript Vm.js createSafeConsole sandbox — plugin-workflow-javascriptCWE-265 | 7.3 | High | 2026-04-13 |
This page lists every published CVE security advisory associated with nocobase. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.