Every CVE whose affected-product data names Cube Cube.js, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-23510 — CVSS 9.6 (critical): cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security…
CVE-2026-25958 — CVSS 7.7 (high): Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a…
CVE-2023-50709 — CVSS 6.5 (medium): Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable…
CVE-2026-25957 — CVSS 6.5 (medium): Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API…