Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Nocodb
(Xgenecloud)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 11 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-17 | CVE-2023-43794 | Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL queries to be executed. Since this is a blind SQL injection, an attacker may need to use time-based payloads which would include a function to delay execution for a given number of seconds. The... | Nocodb | 4.9 | ||
| 2023-09-21 | CVE-2023-5104 | Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0. | Nocodb | 6.5 | ||
| 2022-10-07 | CVE-2022-3423 | Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0. | Nocodb | 6.5 | ||
| 2022-06-13 | CVE-2022-2062 | Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+. | Nocodb | 7.5 | ||
| 2022-07-07 | CVE-2022-2339 | With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information. | Nocodb | 7.5 | ||
| 2022-06-14 | CVE-2022-2079 | Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+. | Nocodb | 5.4 | ||
| 2022-06-13 | CVE-2022-2063 | Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+. | Nocodb | 8.8 | ||
| 2022-06-13 | CVE-2022-2064 | Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+. | Nocodb | 8.8 | ||
| 2022-06-07 | CVE-2022-2022 | Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7. | Nocodb | 5.4 | ||
| 2022-01-10 | CVE-2022-22120 | In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses. | Nocodb | 5.3 |