Nocodb

nocodb

Vendor: Nocodb • 30 CVEs

CVEs (30)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-35843 1Nocodb 1Nocodb Dec 12, 2024 Jun 19, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulne...Show more NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.Show less
CVE-2022-3423 1Nocodb 1Nocodb Feb 25, 2026 Oct 7, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0.
CVE-2022-2339 1Nocodb 1Nocodb Aug 26, 2025 Jul 7, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.
CVE-2022-2079 1Nocodb 1Nocodb Aug 26, 2025 Jun 14, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVE-2022-2064 1Nocodb 1Nocodb Aug 26, 2025 Jun 13, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVE-2022-2063 1Nocodb 1Nocodb Aug 26, 2025 Jun 13, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVE-2022-2062 1Nocodb 1Nocodb Aug 26, 2025 Jun 13, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVE-2022-2022 1Nocodb 1Nocodb Aug 26, 2025 Jun 7, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7.
CVE-2022-22121 1Nocodb 1Nocodb Aug 26, 2025 Jan 10, 2022 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator acce...Show more In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed.Show less
CVE-2022-22120 1Nocodb 1Nocodb Aug 26, 2025 Jan 10, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the ema...Show more In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses.Show less

Previous 12