Product:

Nocodb

(Xgenecloud)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 11
Date Id Summary Products Score Patch Annotated
2023-09-21 CVE-2023-5104 Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0. Nocodb 6.5
2022-10-07 CVE-2022-3423 Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0. Nocodb 6.5
2022-06-13 CVE-2022-2062 Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+. Nocodb 7.5
2022-07-07 CVE-2022-2339 With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information. Nocodb 7.5
2022-06-14 CVE-2022-2079 Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+. Nocodb 5.4
2022-06-13 CVE-2022-2063 Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+. Nocodb 8.8
2022-06-13 CVE-2022-2064 Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+. Nocodb 8.8
2022-06-07 CVE-2022-2022 Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7. Nocodb 5.4
2022-01-10 CVE-2022-22120 In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. When requesting a password reset for a given email address, the application displays an error message when the email isn't registered within the system. This allows attackers to enumerate the registered users' email addresses. Nocodb 5.3
2022-01-10 CVE-2022-22121 In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection). A low privileged attacker can create a new table to inject payloads in the table rows. When an administrator accesses the User Management endpoint and exports the data as a CSV file and opens it, the payload gets executed. Nocodb 8.0