GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

SurrealDB: Edge PERMISSIONS FOR delete bypassed when a connected node is deleted Moderate
CVE-2026-49997 was published for surrealdb (Rust) Jul 1, 2026
SurrealDB: Field-level SELECT permissions bypassed via indexed COUNT fast paths Moderate
GHSA-c8jx-96c9-8xrp was published for surrealdb (Rust) Jul 1, 2026
SurrealDB: USE NS/DB implicit creation bypasses DEFINE authorization Moderate
GHSA-wp87-mgvq-5j93 was published for surrealdb (Rust) Jul 1, 2026
SurrealDB: Authenticated subscribers can read records hidden by SELECT permissions via LIVE subscriptions Moderate
GHSA-6wqw-vhfr-9999 was published for surrealdb (Rust) Jul 1, 2026
SurrealDB has bypass of field-level SELECT permissions through JSON Patch `copy` and `move` with empty `from` Moderate
GHSA-fpxg-5xmv-922m was published for surrealdb (Rust) Jul 1, 2026
SurrealDB has an Authorization Bypass via Composite Record-id Paths Moderate
GHSA-6vg3-hgrw-p5gf was published for surrealdb (Rust) Jul 1, 2026
SurrealDB: Graph traversal bypasses table SELECT permissions Moderate
GHSA-vjjx-rfw4-rmfc was published for surrealdb (Rust) Jul 1, 2026
SurrealDB: Scraping a TABLE with no available PERMISSIONS to current auth level Moderate
GHSA-98fx-66cf-fc7c was published for surrealdb (Rust) Jul 1, 2026
Credited to LucyEgan
SurrealDB: Field-level SELECT permissions bypassed via graph and reference traversals Moderate
GHSA-hv6h-hc26-q48p was published for surrealdb (Rust) Jun 19, 2026
Credited to fallintoplace
nono: Sandbox escape on Linux via D-Bus: `systemd-run --user` Moderate
CVE-2026-47128 was published for nono-cli (Rust) May 28, 2026
Credited to cgwalters and NickCao
uutils coreutils has an Incorrect Authorization issue Moderate
CVE-2026-35370 was published for coreutils (Rust) Apr 22, 2026
Deno has --allow-read / --allow-write permission bypass in `node:sqlite` Moderate
CVE-2025-48935 was published for deno (Rust) Jun 4, 2025
Credited to littledivy and 0f-0b
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
CVE-2025-11060 was published for SurrealDB (Rust) Sep 11, 2025
Credited to kearfy
Duplicate Advisory: SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
GHSA-98f8-j56x-2hh4 was published for surrealdb (Rust) Sep 26, 2025 withdrawn
Deno run with --allow-read and --deny-read flags results in allowed Moderate
CVE-2025-48888 was published for deno (Rust) Jun 4, 2025
Credited to nayeemrmn
Credited to dkasak and poljar