budibase

9 known vulnerabilities · 2 critical · 2 high

CVE-2026-27702

Budibase: Remote Code Execution via Unsafe eval() in View Filter Map Function (Budibase Cloud)

Published Feb 25, 2026

CVE-2026-33226

Budibase Unrestricted Server-Side Request Forgery (SSRF) via REST Datasource Query Preview

Published Mar 18, 2026

GHSA-8783-3wgf-jggf

Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints

Published Apr 16, 2026

CVE-2026-25041

@budibase/server: Command Injection in PostgreSQL Dump Command

Published Mar 9, 2026

CVE-2026-35214 · HIGH
Risk: 43.53/100

Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write

Published Apr 4, 2026

CVE-2026-25044
Risk: 0.02/100

Budibase: Command Injection in Bash Automation Step

Published Apr 3, 2026

CVE-2022-3225 · HIGH

Budibase Improper Control of Dynamically-Managed Code Resources vulnerability

Published Sep 17, 2022

CVE-2026-31818 · CRITICAL
Risk: 48/100

Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist

Published Apr 3, 2026

CVE-2026-35216 · CRITICAL
Risk: 45.1/100

Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step

Published Apr 4, 2026