dbgate-serve (>=7.0.0 <=7.1.13), dbmodel (>=7.0.0 <=7.1.13) potentially affected by CVE-2026-47670 via dbgate-api (>=7.1.10 <=7.1.8)

dbgate-api NPM version =7.1.10, =7.0.0, =7.0.0, =7.1.13 Source cves: CVE-2026-47670 Source advisory: SNYK:JS-DBGATEAPI-17223765...

CVE-2026-41907 vulnerabilities

Vulnerabilities for packages: kubeflow-centraldashboard, redisinsight, langfuse-fips, argo-workflows, librechat, opensearch-dashboards-fips, actions-runner, homepage, dbgate-fips, wazuh-dashboard, code-server, npm, opensearch-dashboards, renovate, kibana, langfuse, sqlpad, prism, jitsucom-jitsu,...

DbGate has cross site scripting via the SVG Icon String Handler component

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launch...

EUVD-2026-22087

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launch...

dbgate (>=3.9.6 <=4.7.4-alpha.12), dbgate-serve (>=4.1.1 <=7.1.13) +1 more potentially affected by CVE-2026-6216 via dbgate-web (>=3.9.6 <=7.1.4)

dbgate-web NPM version =3.9.6, =3.9.6, =4.1.1, =5.2.2, =7.1.13 Source cves: CVE-2026-6216 Source advisory: OSV:GHSA-J8J5-7R4H-VJ2G...

GHSA-J8J5-7R4H-VJ2G DbGate has cross site scripting via the SVG Icon String Handler component

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launch...

EUVD-2026-22085

A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been...

CVE-2026-6216

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launch...

dbgate-serve (>=7.0.0 <=7.1.13), dbmodel (>=7.0.0 <=7.1.13) potentially affected by CVE-2026-6216 via dbgate-web (>=7.1.10 <=7.1.4)

dbgate-web NPM version =7.1.10, =7.0.0, =7.0.0, =7.1.13 Source cves: CVE-2026-6216 Source advisory: SNYK:JS-DBGATEWEB-16083995...

CVE-2026-6215

A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been...

CVE-2026-6216

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launch...

CVE-2026-6216 DbGate SVG Icon String FontIcon.svelte cross site scripting

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launch...

CVE-2026-6216 DbGate SVG Icon String FontIcon.svelte cross site scripting

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launch...

CVE-2026-6216

DbGate (up to version 7.1.4) contains a cross-site scripting vulnerability in the SVG Icon String Handler, specifically in the file packages/web/src/icons/FontIcon.svelte. The vulnerability arises from manipulation of the argument applicationIcon within the FontIcon component, allowing an attacke...

CVE-2026-6215 DbGate REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery

A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been...

CVE-2026-6215

A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been...

CVE-2026-6215 DbGate REST/GraphQL openApiDriver.ts apiServerUrl1 server-side request forgery

A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been...

CVE-2026-6215

CVE-2026-6215 affects DbGate up to 7.1.4, specifically the REST/GraphQL component and its function apiServerUrl1 in packages/rest/src/openApiDriver.ts. The underlying issue enables server-side request forgery (SSRF) and may be triggered remotely. An exploit has been publicly available, and the ve...

DbGate 代码问题漏洞

DbGate is an open-source database manager developed by DbGate. Versions of DbGate 7.1.4 and earlier contained a code vulnerability. This vulnerability stemmed from a server-side request forgery issue in the apiServerUrl1 function within the REST/GraphQL component’s...

PT-2026-32518

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launch...