If you notice a security vulnerability, please let the team know by sending an email to security@tooljet.com.
Security: ToolJet/ToolJet
Security
SECURITY.md
-
Credential decryption (IDOR) in POST /api/data-sources/decrypt - authenticated user can decrypt data-source secretsGHSA-x7qj-hfg8-p4cw published
Jun 12, 2026 by shubh22Moderate -
ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code ExecutionGHSA-jgmf-cw3v-r98x published
Jun 12, 2026 by shubh22Critical -
ToolJet Cloud - SSRF to Azure Cloud Infrastructure CompromiseGHSA-h49f-mhmm-jx4w published
Jun 12, 2026 by shubh22High
Learn more about advisories related to ToolJet/ToolJet in the GitHub Advisory Database