
nocodb — Vulnerabilities & Security Advisories 29

Browse all 29 CVE security advisories affecting nocodb. AI-powered Chinese analysis, POCs, and references for each vulnerability.

NocoDB is an open-source platform that turns relational databases into spreadsheet-style interfaces for rapid application development with little code. It has accumulated twenty-nine recorded CVEs. The 21 listed below are dominated by web application flaws: eight stored or reflected Cross-Site Scripting issues (CWE-79) across rich text cells, comments, formula cells, SVG uploads and the password reset page; three SQL injections (CWE-89), including one reachable through the DATEADD formula; and a set of input-handling bugs such as blind SSRF in uploadViaURL (CWE-918), an unvalidated redirect via continueAfterSignIn (CWE-601), prototype pollution leading to DoS (CWE-1321) and CSV injection (CWE-1236). A second group concerns credentials and authorization rather than injection: refresh tokens not revoked on password reset (CWE-613), plaintext storage of shared view passwords (CWE-256), user enumeration through the password reset endpoint (CWE-203/204) and missing ownership validation on MCP token operations (CWE-639). No RCE is recorded among the entries shown. Most of these stem from insufficient output encoding and input validation, or from missing authorization and session-lifecycle checks, in the API layer. No single breach attributed to NocoDB has been widely publicized, but the recurrence of the same CWE classes across releases is a reason to keep the service patched promptly, restrict who can author formulas, rich text and uploads, and not expose an instance directly to the internet without an authenticating proxy. Note also that every 2026 entry carries an AI-estimated CVSS score and severity rather than a vendor or NVD score; treat those numbers as provisional during triage.

Showing 21 of 29 advisories (product: nocodb/nocodb).
Scores and severities marked "(AI)" carried the listing's "AI" marker, i.e. they are AI-generated estimates rather than a published vendor or NVD score.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-28401 | NocoDB: Stored Cross-Site Scripting via Rich Text Cells | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28399 | NocoDB: SQL Injection via DATEADD Formula | CWE-89 | 8.8 (AI) | High (AI) | 2026-03-02 |
| CVE-2026-28398 | NocoDB: Stored Cross-Site Scripting via Comments and Rich Text Cells | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28397 | NocoDB: Stored Cross-Site Scripting via Comments | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28396 | NocoDB: Refresh Tokens Not Revoked on Password Reset | CWE-613 | 7.1 (AI) | High (AI) | 2026-03-02 |
| CVE-2026-28361 | NocoDB: Missing Ownership Validation in MCP Token Operations | CWE-639 | 8.3 (AI) | High (AI) | 2026-03-02 |
| CVE-2026-28360 | NocoDB: Plaintext Storage of Shared View Passwords | CWE-256 | 6.5 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28359 | NocoDB: Stored Cross-Site Scripting via Rich Text Field | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28358 | NocoDB: User Enumeration via Password Reset Endpoint | CWE-204 | 5.3 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28357 | NocoDB: Stored Cross-Site Scripting via Formula Cell | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-24769 | NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-01-28 |
| CVE-2026-24768 | NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter | CWE-601 | 6.1 (AI) | Medium (AI) | 2026-01-28 |
| CVE-2026-24767 | NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality | CWE-918 | 4.9 | Medium | 2026-01-28 |
| CVE-2026-24766 | NocoDB Vulnerable to Prototype Pollution in Connection Test Endpoint, Leading to DoS | CWE-1321 | 4.9 | Medium | 2026-01-28 |
| CVE-2025-27506 | NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page | CWE-79 | 5.4 | Medium | 2025-03-06 |
| CVE-2023-49781 | NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue | CWE-79 | 7.3 | High | 2024-05-13 |
| CVE-2023-50718 | NocoDB SQL Injection vulnerability | CWE-89 | 6.5 | Medium | 2024-05-13 |
| CVE-2023-50717 | NocoDB Allows Preview of File with Dangerous Content | CWE-434 | 5.7 | Medium | 2024-05-13 |
| CVE-2023-43794 | SQL Injection in nocodb | CWE-89 | 6.5 | Medium | 2023-10-17 |
| CVE-2022-22121 | NocoDB - CSV Injection in User Management | CWE-1236 | 8.0 | High | 2022-01-10 |
| CVE-2022-22120 | NocoDB - Observable Discrepancy in the password-reset feature | CWE-203 | 5.3 | Medium | 2022-01-10 |

This page lists every published CVE security advisory associated with nocodb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.
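In the site's raw export each advisory row is one run of text: CVE ID, title, "— nocodb", CWE, CVSS with an optional "AI" suffix when the score is a site estimate, severity with the same optional suffix, and the publication date (for example `CVE-2026-24767 NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality — nocodbCWE-918 4.9 Medium2026-01-28`). The following Python helper is an added example written for this page; it is not code from the listing site or from the NocoDB project. It assumes exactly that row layout, splits a row into fields, records whether the score was AI-estimated, and orders the result for triage so that an estimated score never outranks a confirmed one of equal value. The sample rows are copied from the listing above and embedded as constructed input.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Assumed raw row layout (see lead-in): "<CVE> <title> — <product><CWE> <cvss>[AI]<severity>[AI]<date>".
# The "AI" suffix is the listing's marker for an AI-generated estimate, so it is
# captured separately instead of being discarded.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<title>.+?)\s+—\s+(?P<product>\w+)"
    r"(?P<cwe>CWE-\d+)\s+"
    r"(?P<cvss>\d{1,2}\.\d)(?P<cvss_ai>AI)?\s*"
    r"(?P<severity>Critical|High|Medium|Low)(?P<sev_ai>AI)?"
    r"(?P<date>\d{4}-\d{2}-\d{2})$"
)


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    product: str
    cwe: str
    cvss: float
    severity: str
    published: str
    ai_estimated: bool  # True when CVSS or severity carried the "AI" marker


def parse_row(line: str) -> Advisory:
    """Split one raw listing row into fields; raise on anything that does not fit."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised listing row: {line!r}")
    return Advisory(
        cve=m["cve"],
        title=m["title"],
        product=m["product"],
        cwe=m["cwe"],
        cvss=float(m["cvss"]),
        severity=m["severity"],
        published=m["date"],
        ai_estimated=bool(m["cvss_ai"] or m["sev_ai"]),
    )


def parse_listing(text: str) -> list[Advisory]:
    """Parse every line that starts with a CVE identifier; skip headers and blanks."""
    return [parse_row(l) for l in text.splitlines() if l.strip().startswith("CVE-")]


def triage_order(advs: list[Advisory]) -> list[Advisory]:
    """Highest CVSS first; on ties, confirmed scores before AI-estimated ones."""
    return sorted(advs, key=lambda a: (-a.cvss, a.ai_estimated, a.published))


def cwe_histogram(advs: list[Advisory]) -> Counter:
    """Count advisories per CWE class, the view used to spot recurring bug classes."""
    return Counter(a.cwe for a in advs)


# Constructed sample: four rows copied from the listing, covering the AI-suffixed
# and plain-scored variants and a title that itself contains a hyphen.
SAMPLE = """
CVE-2026-28399 NocoDB: SQL Injection via DATEADD Formula — nocodbCWE-89 8.8AIHighAI2026-03-02
CVE-2026-24767 NocoDB has Blind SSRF via Unvalidated HEAD Request in uploadViaURL Functionality — nocodbCWE-918 4.9 Medium2026-01-28
CVE-2022-22121 NocoDB - CSV Injection in User Management — nocodbCWE-1236 8.0 High2022-01-10
CVE-2026-28401 NocoDB: Stored Cross-Site Scripting via Rich Text Cells — nocodbCWE-79 5.4AIMediumAI2026-03-02
"""

if __name__ == "__main__":
    advisories = parse_listing(SAMPLE)
    for a in triage_order(advisories):
        flag = " (AI-estimated score)" if a.ai_estimated else ""
        print(f"{a.cve}  {a.cvss:>4}  {a.severity:<6} {a.cwe:<9} {a.title}{flag}")
    print(cwe_histogram(advisories))
```

Rows that do not match the pattern raise instead of being silently dropped, so a format change on the site fails loudly rather than producing a shorter list that looks complete.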