@saltcorn/server (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @saltcorn/server, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2026-41478 — CVSS 9.9 (critical): Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection…
CVE-2026-40163 — CVSS 8.2 (high): Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST…
CVE-2024-47818 — CVSS 6.5 (medium): Saltcorn is an extensible, open source, no-code database application builder. A logged-in user with any role can delete arbitrary files on…
CVE-2026-42259: Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn…