OsVault/npm/@budibase/server
npm1 critical

@budibase/server

4 known vulnerabilities · 1 critical · 1 high

CVE-2026-25041

@budibase/server: Command Injection in PostgreSQL Dump Command

Published Mar 9, 2026
CVE-2026-35214HIGH
Risk: 43.53/100

Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write

Published Apr 4, 2026
CVE-2026-25044
Risk: 0.02/100

Budibase: Command Injection in Bash Automation Step

Published Apr 3, 2026
CVE-2026-35216CRITICAL
Risk: 45.1/100

Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step

Published Apr 4, 2026
Check your entire dependency tree at onceRun dependency scan →