Package impact
NPM / budibase
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45061 | high | 7.7 | 7.7 | 2d ago | Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). A… | |||
| CVE-2026-46426 | high | 7.6 | 7.6 | 2d ago | Budibase: Unrestricted Upload of File with Dangerous Type | |||
| CVE-2026-45718 | medium | 5.4 | 5.4 | 2d ago | Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint (POST /api/tables/:sourceId/actions/:actionId/trigger) fails to validate that the user-supplied rowId is… |