Budibase Vulnerabilities
Comprehensive security vulnerability database for Budibase products
2
1
2
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-27702 | 9.0 | This vulnerability allows any authenticated user of Budibase Cloud to run arbitrary JavaScript code on the server, potentially exposing sensitive information like database credentials and user email addresses. It affects all users, including those on free accounts, and is only present in versions prior to 3.30.4. | budibasebudibase | Exploit Available | about 1 month agoFeb 25, 2026 |
| CVE-2022-3225 | 5.7 | This vulnerability allows an attacker to execute arbitrary code within the Budibase application, potentially leading to unauthorized access or data manipulation. It requires the attacker to have some level of access to the system where Budibase is running, making it important for users to update to version 1.3.20 or later to mitigate the risk. | budibasebudibase | Exploit Available | over 3 years agoSep 16, 2022 |
About Budibase Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Budibase products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.