@budibase/worker
npm2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting @budibase/workerpage 1 of 1
- CVE-2022-3225HIGHCVSS 8.8EG 8.8✓ Fixed in 1.3.202022-09-16
Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20.
- CVE-2026-45716HIGHCVSS 8.8EG 8.8✓ Fixed in 3.38.12026-05-18
Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not …
Check whether @budibase/worker is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for @budibase/worker CVEs against the assets you own.
Start Free Scan →