77 matches found
PT-2026-32518
A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launch...
DbGate Code Injection Vulnerability
DbGate is an open-source database manager developed by DbGate. Versions of DbGate 7.1.4 and earlier contained a code injection vulnerability. This vulnerability stemmed from the operation of the applicationIcon parameter in the SVG Icon String Handler component, which allowed for cross-site...
CVE-2026-34725
DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...
Arbitrary Code Injection
Overview dbgate-web is a This package is used internally by DbGate Affected versions of this package are vulnerable to Arbitrary Code Injection through the FontIcon rendering path in packages/web/src/icons/FontIcon.svelte. An attacker can execute arbitrary JavaScript in a victim’s browser, or...
dbgate-serve (>=7.0.0 <=7.1.13), dbmodel (>=7.0.0 <=7.1.13) potentially affected by CVE-2026-34725 via dbgate-web (>=7.1.10 <=7.1.4)
dbgate-web NPM version =7.1.10, =7.0.0, =7.0.0, =7.1.13 Source cves: CVE-2026-34725 Source advisory: SNYK:JS-DBGATEWEB-15915631...
CVE-2026-34725
DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...
CVE-2026-34725 dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration
DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...
EUVD-2026-18472
DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...
CVE-2026-34725
DbGate (multi-platform: web and Electron desktop) contains a stored XSS in the icon rendering path impacting versions 7.0.0–7.1.5. Attacker-controlled SVG icons stored as applicationIcon are rendered without sanitization, enabling script execution in another user’s browser (web UI) and, in Electr...
DbGate Code Injection Vulnerability
DbGate is an open-source database manager developed by DbGate. Versions of DbGate from 7.0.0 to 7.1.5 had a code injection vulnerability. This vulnerability occurred because SVG icon strings controlled by attackers were rendered as raw HTML without being cleaned properly, which could lead to...
dbgate-serve (>=7.0.0 <=7.1.13), dbmodel (>=7.0.0 <=7.1.13) potentially affected by CVE-2026-34725 via dbgate-web (>=7.1.10 <=7.1.4)
dbgate-web NPM version =7.1.10, =7.0.0, =7.0.0, =7.1.13 Source cves: CVE-2026-34725 Source advisory: OSV:GHSA-35XM-QVJG-8M42...
CVE-2026-33036 vulnerabilities
Vulnerabilities for packages: dbgate, kubeflow-pipelines, librechat, tileserver-gl, langfuse-fips, prism, tileserver-gl-fips, kibana, jitsucom-jitsu, langfuse, saf, dbgate-fips, renovate...
GHSA-8GC5-J5RX-235R vulnerabilities
Vulnerabilities for packages: dbgate, kubeflow-pipelines, librechat, tileserver-gl, langfuse-fips, prism, tileserver-gl-fips, kibana, jitsucom-jitsu, langfuse, saf, dbgate-fips, renovate...
GHSA-M7JM-9GC2-MPF2 vulnerabilities
Vulnerabilities for packages: dbgate, tileserver-gl, langfuse-fips, prism, tileserver-gl-fips, kibana, langfuse, saf, dbgate-fips, renovate...
CVE-2026-25896 vulnerabilities
Vulnerabilities for packages: dbgate, tileserver-gl, langfuse-fips, prism, tileserver-gl-fips, kibana, langfuse, saf, dbgate-fips, renovate...
GHSA-37QJ-FRW5-HHJH vulnerabilities
Vulnerabilities for packages: dbgate, kubeflow-pipelines, librechat, tileserver-gl, langfuse-fips, prism, tileserver-gl-fips, kibana, opensearch-dashboards-fips, jitsucom-jitsu, opensearch-dashboards, langfuse, saf, dbgate-fips, renovate...
CVE-2026-25128 vulnerabilities
Vulnerabilities for packages: dbgate, kubeflow-pipelines, librechat, tileserver-gl, langfuse-fips, prism, tileserver-gl-fips, kibana, opensearch-dashboards-fips, jitsucom-jitsu, opensearch-dashboards, langfuse, saf, dbgate-fips, renovate...
EUVD-2025-22773
Malicious code in bioql PyPI...
EUVD-2025-22767
Malicious code in bioql PyPI...
CVE-2025-50185
DbGate is a cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their location or file...