
appsmith

14 known vulnerabilities across versions
Vulnerabilities are listed by affected version, with the CVSS score and severity after the affected range; the descriptions below are truncated as on the source page.

CVE-2026-7299 | affected: < 1.99 | 6.3 MEDIUM
  Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in inne

CVE-2026-34411 | affected: < 1.98 | 5.3 MEDIUM
  Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attacke

CVE-2026-30862 | affected: < 1.96 | 9.0 CRITICAL
  Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability e

CVE-2026-24042 | affected: <= 1.94 | 9.4 CRITICAL
  Appsmith is a platform to build admin panels, internal tools, and dashboards. In versions 1.94 and below, publicly accessible apps

CVE-2026-22794 | affected: < 1.93 | 9.6 CRITICAL
  Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from

CVE-2024-55965 | affected: < 1.51 | 6.5 MEDIUM
  An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information

CVE-2024-55964 | affected: < 1.52 | 9.8 CRITICAL
  An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remo

CVE-2024-55963 | affected: < 1.51 | 6.5 MEDIUM
  An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart AP

CVE-2024-55604 | affected: < 1.51 | 4.3 MEDIUM
  Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access

CVE-2024-51408 | affected: >= 1.8.3 and < 1.46 | 8.5 HIGH
  AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve A

CVE-2022-4096 | affected: < 1.8.2 | 6.5 MEDIUM
  Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2.

CVE-2022-38299 | affected: all versions | 4.3 MEDIUM
  An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal meta

CVE-2022-38298 | affected: all versions | 8.8 HIGH
  Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting

CVE-2022-39824 | affected: <= 1.7.14 | 8.9 HIGH
  Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the
threatengine.sh