Package impact
npm / @budibase/server
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-45717 | high | 8.8 | 8.8 | 18h ago | Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameter… | |
| CVE-2026-45548 | high | 7.7 | 7.7 | 18h ago | Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation | |
| CVE-2026-45715 | high | 7.7 | 7.7 | 18h ago | Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration | |
| CVE-2026-45719 | medium | 6.5 | 6.5 | 18h ago | Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API |