Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: nocobase Clear
ID Title
CVE-2026-41640 SQL Injection in @nocobase/database (CVE-2026-41640)
SQL injection in @nocobase/database (CVE-2026-41640). Successful exploitation can lead to full system takeover. Exploitable via ``nodeIds``. Mitigation: upgrade to `2.0.39` or later.
CVE-2026-40346 SSRF (Server-Side Request Forgery) in @nocobase/plugin-workflow-request (CVE-2026-40346)
SSRF in @nocobase/plugin-workflow-request (CVE-2026-40346). Confidential information can be exposed externally. Exploitable via ``url``. Mitigation: upgrade to `2.0.37` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →