107 matches found
Improper Neutralization of Special Elements in Data Query Logic
Dgraph is vulnerable to Improper Neutralization of Special Elements in Data Query Logic. The vulnerability is due to improper sanitization of the user-controlled cond field in upsert mutations, which allows an attacker to inject arbitrary DQL query blocks and gain unauthorized read access to...
Information Exposure
Dgraph is vulnerable to Information Exposure. The vulnerability is due to exposure of process command-line arguments through the unauthenticated /debug/vars endpoint, which allows an attacker to obtain sensitive admin tokens and gain unauthorized access to admin-only endpoints...
Missing Authentication
github.com/dgraph-io/dgraph is vulnerable to Missing Authentication. The vulnerability is due to the restoreTenant admin mutation missing authorization middleware validation, which allows an unauthenticated attacker to overwrite the database, access server-side files via file:// paths, and perfor...
Unauthenticated Credential Disclosure
github.com/dgraph-io/dgraph is vulnerable to an unauthenticated credential disclosure. The vulnerability is due to the /debug/pprof/cmdline endpoint being accessible without authentication, which exposes the full process command line including the admin token, allowing an attacker to retrieve the...
CVE-2026-41327 vulnerabilities
Vulnerabilities for packages: dgraph...
CVE-2026-41328 vulnerabilities
Vulnerabilities for packages: dgraph...
GHSA-X92X-PX7W-4GX4 vulnerabilities
Vulnerabilities for packages: dgraph...
CVE-2026-41492 vulnerabilities
Vulnerabilities for packages: dgraph...
GHSA-VVF7-6RMR-M29Q vulnerabilities
Vulnerabilities for packages: dgraph...
GHSA-MRXX-39G5-PH77 vulnerabilities
Vulnerabilities for packages: dgraph...
Improper Neutralization of Special Elements in Data Query Logic
Overview: github.com/dgraph-io/dgraph/v25/edgraph is a package in Dgraph, a horizontally scalable and distributed GraphQL database with a graph backend. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the cond field in an upsert...
Improper Neutralization of Special Elements in Data Query Logic
Overview: github.com/dgraph-io/dgraph/edgraph is a package in Dgraph, a horizontally scalable and distributed GraphQL database with a graph backend. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the cond field in an upsert mutation. ...
Improper Neutralization of Special Elements in Data Query Logic
Overview: github.com/dgraph-io/dgraph/edgraph is a package in Dgraph, a horizontally scalable and distributed GraphQL database with a graph backend. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the addQueryIfUnique function. An...
Improper Neutralization of Special Elements in Data Query Logic
Overview: github.com/dgraph-io/dgraph/v25/edgraph is a package in Dgraph, a horizontally scalable and distributed GraphQL database with a graph backend. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the addQueryIfUnique function. An...