Nocodb CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (30 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-5104	1 Nocodb	1 Nocodb	2025-08-26	6.5 Medium
Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0.
CVE-2022-2339	1 Nocodb	1 Nocodb	2025-08-26	7.5 High
With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.
CVE-2022-2063	1 Nocodb	1 Nocodb	2025-08-26	8.8 High
Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVE-2022-2064	1 Nocodb	1 Nocodb	2025-08-26	8.8 High
Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVE-2022-2062	1 Nocodb	1 Nocodb	2025-08-26	7.5 High
Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVE-2022-2079	1 Nocodb	1 Nocodb	2025-08-26	5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+.
CVE-2022-22120	1 Nocodb	1 Nocodb	2025-08-26	5.3 Medium
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses.
CVE-2022-22121	1 Nocodb	1 Nocodb	2025-08-26	8 High
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed.
CVE-2022-2022	1 Nocodb	1 Nocodb	2025-08-26	5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7.
CVE-2023-35843	1 Nocodb	1 Nocodb	2024-12-12	7.5 High
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.

« first previous Page 2 of 2.