Package impact
npm / budibase
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45061 | high | 7.7 | 7.7 | 3d ago | Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). A… | |||
| CVE-2026-46426 | high | 7.6 | 7.6 | 3d ago | Budibase: Unrestricted Upload of File with Dangerous Type |