@budibase/server
js · @budibase/serverCritical
@budibase/server: OAuth2 token fetch and REST integration lack SSRF protection
OAuth2 token fetch in packages/server/src/sdk/workspace/oauth2/utils.
13 Jun 2026 · act now
js · @budibase/serverCritical
@budibase/server: Unauthenticated webhook schema update vulnerability
The webhook schema-building endpoint at POST /api/webhooks/schema/:instance/:id is incorrectly bypassed by authorization middlewar
13 Jun 2026 · act now