
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

Credited to dkasak and poljar
Deno run with --allow-read and --deny-read flags results in allowed Moderate
CVE-2025-48888 was published for deno (Rust) Jun 4, 2025
Credited to nayeemrmn
Deno has --allow-read / --allow-write permission bypass in `node:sqlite` Moderate
CVE-2025-48935 was published for deno (Rust) Jun 4, 2025
Credited to littledivy and 0f-0b
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
CVE-2025-11060 was published for SurrealDB (Rust) Sep 11, 2025
Credited to kearfy
Duplicate Advisory: SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
GHSA-98f8-j56x-2hh4 was published for surrealdb (Rust) Sep 26, 2025 withdrawn
uutils coreutils has an Incorrect Authorization issue Moderate
CVE-2026-35370 was published for coreutils (Rust) Apr 22, 2026
nono: Sandbox escape on Linux via D-Bus: `systemd-run --user` Moderate
CVE-2026-47128 was published for nono-cli (Rust) May 28, 2026
Credited to cgwalters and NickCao
Credited to fallintoplace
SurrealDB: Field-level SELECT permissions bypassed via graph and reference traversals Moderate
GHSA-hv6h-hc26-q48p was published for surrealdb (Rust) Jun 19, 2026
SurrealDB: Scraping a TABLE with no available PERMISSIONS to current auth level Moderate
GHSA-98fx-66cf-fc7c was published for surrealdb (Rust) Jul 1, 2026
Credited to LucyEgan
SurrealDB: Graph traversal bypasses table SELECT permissions Moderate
GHSA-vjjx-rfw4-rmfc was published for surrealdb (Rust) Jul 1, 2026
SurrealDB has an Authorization Bypass via Composite Record-id Paths Moderate
GHSA-6vg3-hgrw-p5gf was published for surrealdb (Rust) Jul 1, 2026
SurrealDB has bypass of field-level SELECT permissions through JSON Patch `copy` and `move` with empty `from` Moderate
GHSA-fpxg-5xmv-922m was published for surrealdb (Rust) Jul 1, 2026
SurrealDB: Authenticated subscribers can read records hidden by SELECT permissions via LIVE subscriptions Moderate
GHSA-6wqw-vhfr-9999 was published for surrealdb (Rust) Jul 1, 2026
SurrealDB: USE NS/DB implicit creation bypasses DEFINE authorization Moderate
GHSA-wp87-mgvq-5j93 was published for surrealdb (Rust) Jul 1, 2026
SurrealDB: Field-level SELECT permissions bypassed via indexed COUNT fast paths Moderate
GHSA-c8jx-96c9-8xrp was published for surrealdb (Rust) Jul 1, 2026
SurrealDB: Edge PERMISSIONS FOR delete bypassed when a connected node is deleted Moderate
CVE-2026-49997 was published for surrealdb (Rust) Jul 1, 2026