Package impact
npm / nocodb
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-46552 | medium | — | 5.5 | 7d ago | NocoDB: Shared-base link access can invite arbitrary users as persistent base members | |
| CVE-2026-46551 | medium | — | 5.5 | 7d ago | NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion | |
| CVE-2026-46550 | medium | — | 5.5 | 7d ago | NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags | |
| CVE-2026-46548 | medium | — | 5.5 | 7d ago | NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams) | |
| CVE-2026-46547 | medium | — | 5.5 | 7d ago | NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL | |