5 Total advisories
5 Vulnerabilities
0 Malware
Vulnerabilities
MEDIUM 6.5
CVE-2026-48147
Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker
MEDIUM 4.2
CVE-2026-46424
Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour
HIGH 8.1
CVE-2026-42239
Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover
CRITICAL 9.1
CVE-2026-41428
Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints
CRITICAL 9.6
CVE-2026-31818
Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist