VYPR

Nhost

by Nhost

CVEs (4)

  • CVE-2026-41574 | Critical | May 8, 2026
    risk 0.57 | cvss 9.8 | epss 0.01

    Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's…

  • CVE-2026-34200 | High | Mar 31, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, the Nhost CLI MCP server, when explicitly configured to listen on a network port, applies no inbound authentication and does not enforce strict CORS. This allows a malicious website visited on…

  • CVE-2026-33221 | Medium | Mar 20, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an…

  • CVE-2026-47671 | Jun 4, 2026
    risk 0.00 | cvss | epss 0.00

    Summary: The hidden `nhost configserver` used by `nhost dev` exposes the Mimir GraphQL API with dummy authorization directives and permissive CORS. When a developer is running the local development environment, any process that can reach the developer's localhost service,…