Vendor CVEs
Nocodb
All CVEs
58 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-2339 | 0.00 | — | 0.01 | Jul 7, 2022 | With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information. | |||
| CVE-2022-2079 | 0.00 | — | 0.01 | Jun 14, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+. | |||
| CVE-2022-2064 | 0.00 | — | 0.01 | Jun 13, 2022 | Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+. | |||
| CVE-2022-2063 | 0.00 | — | 0.01 | Jun 13, 2022 | Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+. | |||
| CVE-2022-2062 | 0.00 | — | 0.01 | Jun 13, 2022 | Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+. | |||
| CVE-2022-2022 | 0.00 | — | 0.01 | Jun 7, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7. | |||
| CVE-2022-22121 | 0.00 | — | 0.01 | Jan 10, 2022 | In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a… | |||
| CVE-2022-22120 | 0.00 | — | 0.01 | Jan 10, 2022 | In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows… |
- CVE-2022-2339Jul 7, 2022risk 0.00cvss —epss 0.01
With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.
- CVE-2022-2079Jun 14, 2022risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+.
- CVE-2022-2064Jun 13, 2022risk 0.00cvss —epss 0.01
Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+.
- CVE-2022-2063Jun 13, 2022risk 0.00cvss —epss 0.01
Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+.
- CVE-2022-2062Jun 13, 2022risk 0.00cvss —epss 0.01
Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+.
- CVE-2022-2022Jun 7, 2022risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7.
- CVE-2022-22121Jan 10, 2022risk 0.00cvss —epss 0.01
In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a…
- CVE-2022-22120Jan 10, 2022risk 0.00cvss —epss 0.01
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows…
Page 2 of 2