VIR Vulnerability Intelligence Relay

Package impact

npm npm / @budibase/server

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-45717 high 8.8 8.8 1d ago Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameter… npm
CVE-2026-45548 high 7.7 7.7 1d ago Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation npm
CVE-2026-45715 high 7.7 7.7 1d ago Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (packages/server/src/integrations/rest.ts) follows HTTP redirects without re-checking the IP blacklist, … npm
CVE-2026-45719 medium 6.5 6.5 1d ago Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API npm