pkg:Bitnami/appsmith

All known vulnerabilities

• CRITICAL10.0CVE-2025-41240The Bitnami WordPress Helm chart mounts Kubernetes Secrets under a predictable path (/opt/bitnami/wordpress/secrets) that is located within…
  >= 1.62.0-0, < 1.81.0-1
• CRITICAL9.8CVE-2026-24042Appsmith public apps can execute unpublished actions (viewMode confusion)
  from 0, < 1.95.0
• CRITICAL9.8CVE-2024-55964An issue was discovered in Appsmith before 1.52.
  from 0, < 1.52.0
• CRITICAL9.0CVE-2026-30862Critical Stored XSS & Privilege Escalation in Appsmith
  from 0, < 1.96.0
• HIGH8.9CVE-2022-39824Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server vi…
  from 0, < 1.7.15
• HIGH8.8CVE-2026-22794Account Takeover Vulnerability in Appsmith
  from 0, < 1.93.0
• HIGH8.8CVE-2022-38298Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming…
  >= 1.7.11, < 1.7.12
• MEDIUM6.5CVE-2024-55604Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources
  from 0, < 1.51.0
• MEDIUM6.5CVE-2024-55604Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources
  from 0, < 1.51.0
• MEDIUM6.5CVE-2024-55963An issue was discovered in Appsmith before 1.51.
  from 0, < 1.51.0
• MEDIUM6.5CVE-2024-51408AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metada…
  >= 1.8.3, < 1.46.0
• MEDIUM6.5CVE-2022-4096Server-Side Request Forgery (SSRF) in appsmithorg/appsmith
  from 0, < 1.8.2
• MEDIUM4.3CVE-2022-38299An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endp…
  >= 1.7.11, < 1.7.12
• —CVE-2026-34411Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs
  from 0, < 1.98.0