VYPR

Vendor CVEs

Nocodb

All CVEs

58 total · sorted by risk
  • CVE-2022-2339Jul 7, 2022
    risk 0.00cvss epss 0.01

    With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.

  • CVE-2022-2079Jun 14, 2022
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+.

  • CVE-2022-2064Jun 13, 2022
    risk 0.00cvss epss 0.01

    Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+.

  • CVE-2022-2063Jun 13, 2022
    risk 0.00cvss epss 0.01

    Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+.

  • CVE-2022-2062Jun 13, 2022
    risk 0.00cvss epss 0.01

    Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+.

  • CVE-2022-2022Jun 7, 2022
    risk 0.00cvss epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7.

  • CVE-2022-22121Jan 10, 2022
    risk 0.00cvss epss 0.01

    In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a…

  • CVE-2022-22120Jan 10, 2022
    risk 0.00cvss epss 0.01

    In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows…

Page 2 of 2