Package impact
npm / budibase
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45061 | high | 7.7 | 7.7 | | | | 2d ago | Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). A… |
| CVE-2026-46426 | high | 7.6 | 7.6 | | | | 2d ago | Budibase: Unrestricted Upload of File with Dangerous Type |
| CVE-2026-45718 | medium | 5.4 | 5.4 | | | | 2d ago | Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint (POST /api/tables/:sourceId/actions/:actionId/trigger) fails to validate that the user-supplied rowId is… |
| CVE-2026-33226 | unknown | — | — | | | | 2mo ago | Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview |
| CVE-2026-27702 | unknown | — | — | | | | 3mo ago | Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud) |