VYPR

npm package

@cubejs-backend/server-core

pkg:npm/%40cubejs-backend/server-core

Vulnerabilities (2)

  • CVE-2026-25958Feb 9, 2026
    affected >= 0.27.19, < 1.0.14fixed 1.0.14

    Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14.

  • CVE-2026-25957Feb 9, 2026
    affected >= 1.1.17, < 1.4.2fixed 1.4.2

    Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2.