Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40budibase/server@2.6.26

Type npm

Namespace @budibase

Name server

Version 2.6.26

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.33.4

Latest_non_vulnerable_version 3.38.1

Affected_by_vulnerabilities

url VCID-dhet-rmkd-pqh6

vulnerability_id VCID-dhet-rmkd-pqh6

summary Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values (database name, host, password, etc.) without proper sanitization. The password and other connection parameters are directly interpolated into a shell command. This affects packages/server/src/integrations/postgres.ts.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25041

reference_id

reference_type

scores

value	0.00082
scoring_system	epss
scoring_elements	0.24321
published_at	2026-06-13T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24311
published_at	2026-06-12T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24115
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25041

reference_url

https://github.com/Budibase/budibase

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/Budibase/budibase

reference_url

https://github.com/Budibase/budibase/commit/9fdbff32fb9e69650ba899a799e13f80d9b09e93

reference_id

9fdbff32fb9e69650ba899a799e13f80d9b09e93

reference_type

scores

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T20:31:29Z/

url

https://github.com/Budibase/budibase/commit/9fdbff32fb9e69650ba899a799e13f80d9b09e93

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25041

reference_id

CVE-2026-25041

reference_type

scores

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25041

reference_url

https://github.com/advisories/GHSA-726g-59wr-cj4c

reference_id

GHSA-726g-59wr-cj4c

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-726g-59wr-cj4c

reference_url

https://github.com/Budibase/budibase/security/advisories/GHSA-726g-59wr-cj4c

reference_id

GHSA-726g-59wr-cj4c

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T20:31:29Z/

url

https://github.com/Budibase/budibase/security/advisories/GHSA-726g-59wr-cj4c

reference_url

https://github.com/Budibase/budibase/blob/f34d545602a7c94427bae63312a5ee9bf2aa6c85/packages/server/src/integrations/postgres.ts#L529-L531

reference_id

postgres.ts#L529-L531

reference_type

scores

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T20:31:29Z/

url

https://github.com/Budibase/budibase/blob/f34d545602a7c94427bae63312a5ee9bf2aa6c85/packages/server/src/integrations/postgres.ts#L529-L531

fixed_packages

url pkg:npm/%40budibase/server@3.23.32

purl pkg:npm/%40budibase/server@3.23.32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g5dd-gava-87ab

vulnerability	VCID-kfvy-pknt-qbgv

vulnerability	VCID-mpmj-pahy-23av

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540budibase/server@3.23.32

aliases CVE-2026-25041, GHSA-726g-59wr-cj4c

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dhet-rmkd-pqh6

url VCID-g5dd-gava-87ab

vulnerability_id VCID-g5dd-gava-87ab

summary Budibase is an open-source low-code platform. Prior to version 3.33.4, the plugin file upload endpoint (POST /api/plugin/upload) passes the user-supplied filename directly to createTempFolder() without sanitizing path traversal sequences. An attacker with Global Builder privileges can craft a multipart upload with a filename containing ../ to delete arbitrary directories via rmSync and write arbitrary files via tarball extraction to any filesystem path the Node.js process can access. This issue has been patched in version 3.33.4.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-35214

reference_id

reference_type

scores

value	0.00063
scoring_system	epss
scoring_elements	0.19988
published_at	2026-06-11T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.2018
published_at	2026-06-13T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.2016
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-35214

reference_url

https://github.com/Budibase/budibase

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/Budibase/budibase

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-35214

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-35214

reference_url

https://github.com/Budibase/budibase/pull/18240

reference_id

18240

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:04:18Z/

url

https://github.com/Budibase/budibase/pull/18240

reference_url

https://github.com/Budibase/budibase/releases/tag/3.33.4

reference_id

3.33.4

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:04:18Z/

url

https://github.com/Budibase/budibase/releases/tag/3.33.4

reference_url

https://github.com/Budibase/budibase/commit/6344d06d703660fd05995e61d581593c2349c879

reference_id

6344d06d703660fd05995e61d581593c2349c879

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:04:18Z/

url

https://github.com/Budibase/budibase/commit/6344d06d703660fd05995e61d581593c2349c879

reference_url

https://github.com/advisories/GHSA-2wfh-rcwf-wh23

reference_id

GHSA-2wfh-rcwf-wh23

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2wfh-rcwf-wh23

reference_url

https://github.com/Budibase/budibase/security/advisories/GHSA-2wfh-rcwf-wh23

reference_id

GHSA-2wfh-rcwf-wh23

reference_type

scores

value	8.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:04:18Z/

url

https://github.com/Budibase/budibase/security/advisories/GHSA-2wfh-rcwf-wh23

fixed_packages

url	pkg:npm/%40budibase/server@3.33.4
purl	pkg:npm/%40budibase/server@3.33.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/%2540budibase/server@3.33.4

aliases CVE-2026-35214, GHSA-2wfh-rcwf-wh23

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g5dd-gava-87ab

url VCID-kfvy-pknt-qbgv

vulnerability_id VCID-kfvy-pknt-qbgv

summary Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step executes user-provided commands using execSync without proper sanitization or validation. User input is processed through processStringSync which allows template interpolation, potentially allowing arbitrary command execution. This issue has been patched in version 3.33.4.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25044

reference_id

reference_type

scores

value	0.00098
scoring_system	epss
scoring_elements	0.27209
published_at	2026-06-12T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27228
published_at	2026-06-13T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27005
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25044

reference_url

https://github.com/Budibase/budibase

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/Budibase/budibase

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-25044

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-25044

reference_url

https://github.com/Budibase/budibase/releases/tag/3.33.2

reference_id

3.33.2

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-03T16:45:21Z/

url

https://github.com/Budibase/budibase/releases/tag/3.33.2

reference_url

https://github.com/advisories/GHSA-gjw9-34gf-rp6m

reference_id

GHSA-gjw9-34gf-rp6m

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gjw9-34gf-rp6m

reference_url

https://github.com/Budibase/budibase/security/advisories/GHSA-gjw9-34gf-rp6m

reference_id

GHSA-gjw9-34gf-rp6m

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-03T16:45:21Z/

url

https://github.com/Budibase/budibase/security/advisories/GHSA-gjw9-34gf-rp6m

fixed_packages

url	pkg:npm/%40budibase/server@3.33.4
purl	pkg:npm/%40budibase/server@3.33.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/%2540budibase/server@3.33.4

aliases CVE-2026-25044, GHSA-gjw9-34gf-rp6m

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kfvy-pknt-qbgv

url VCID-mpmj-pahy-23av

vulnerability_id VCID-mpmj-pahy-23av

summary Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Execution (RCE) on the Budibase server by triggering an automation that contains a Bash step via the public webhook endpoint. No authentication is required to trigger the exploit. The process executes as root inside the container. This issue has been patched in version 3.33.4.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-35216

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.56182
published_at	2026-06-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.56317
published_at	2026-06-13T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.56302
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-35216

reference_url

https://github.com/Budibase/budibase

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/Budibase/budibase

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-35216

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-35216

reference_url

https://github.com/Budibase/budibase/pull/18238

reference_id

18238

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-03T16:46:19Z/

url

https://github.com/Budibase/budibase/pull/18238

reference_url

https://github.com/Budibase/budibase/releases/tag/3.33.4

reference_id

3.33.4

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-03T16:46:19Z/

url

https://github.com/Budibase/budibase/releases/tag/3.33.4

reference_url

https://github.com/Budibase/budibase/commit/f0c731b409a96e401445a6a6030d2994ff4ac256

reference_id

f0c731b409a96e401445a6a6030d2994ff4ac256

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-03T16:46:19Z/

url

https://github.com/Budibase/budibase/commit/f0c731b409a96e401445a6a6030d2994ff4ac256

reference_url

https://github.com/advisories/GHSA-fcm4-4pj2-m5hf

reference_id

GHSA-fcm4-4pj2-m5hf

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fcm4-4pj2-m5hf

reference_url

https://github.com/Budibase/budibase/security/advisories/GHSA-fcm4-4pj2-m5hf

reference_id

GHSA-fcm4-4pj2-m5hf

reference_type

scores

value	9.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-03T16:46:19Z/

url

https://github.com/Budibase/budibase/security/advisories/GHSA-fcm4-4pj2-m5hf

fixed_packages

url	pkg:npm/%40budibase/server@3.33.4
purl	pkg:npm/%40budibase/server@3.33.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/%2540budibase/server@3.33.4

aliases CVE-2026-35216, GHSA-fcm4-4pj2-m5hf

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mpmj-pahy-23av

url VCID-wmea-cdfy-ffah

vulnerability_id VCID-wmea-cdfy-ffah

summary Budibase affected by VM2 Constructor Escape Vulnerability

references

reference_url

https://github.com/Budibase/budibase

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/Budibase/budibase

reference_url

https://github.com/Budibase/budibase/commit/601c02a4acc695b1cc602bf611f0ae66d6e5868f

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/Budibase/budibase/commit/601c02a4acc695b1cc602bf611f0ae66d6e5868f

reference_url

https://github.com/advisories/GHSA-4g2x-vq5p-5vj6

reference_id

GHSA-4g2x-vq5p-5vj6

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4g2x-vq5p-5vj6

reference_url

https://github.com/Budibase/budibase/security/advisories/GHSA-4g2x-vq5p-5vj6

reference_id

GHSA-4g2x-vq5p-5vj6

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/Budibase/budibase/security/advisories/GHSA-4g2x-vq5p-5vj6

reference_url

https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5

reference_id

GHSA-cchq-frgv-rjh5

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/patriksimek/vm2/security/advisories/GHSA-cchq-frgv-rjh5

fixed_packages

url pkg:npm/%40budibase/server@2.20.0

purl pkg:npm/%40budibase/server@2.20.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dhet-rmkd-pqh6

vulnerability	VCID-g5dd-gava-87ab

vulnerability	VCID-kfvy-pknt-qbgv

vulnerability	VCID-mpmj-pahy-23av

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540budibase/server@2.20.0

aliases GHSA-4g2x-vq5p-5vj6

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wmea-cdfy-ffah

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540budibase/server@2.6.26

Package Instance