Lucene search
K

126 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/20 3:24 p.m.6 views

CVE-2026-56235

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions getappmetrics, getglobalmetrics, gettotalmetrics that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public...

6.9CVSS5.9AI score0.00274EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/20 3:24 p.m.10 views

EUVD-2026-38117

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions getappmetrics, getglobalmetrics, gettotalmetrics that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public...

6.9CVSS5.9AI score0.00274EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 12:14 a.m.31 views

CVE-2026-56214 Capgo - Unauthenticated Organization Enumeration and Billing Status Disclosure via Supabase RPC

Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints istrialorg and ispayingorg that allows unauthenticated attackers to enumerate organizations and disclose billing status using the public sbpublishable key. Attackers can invoke these endpoin...

8.7CVSS0.00302EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 12:14 a.m.35 views

CVE-2026-56214

Capgo up to version 12.128.1 is affected by an information disclosure in Supabase PostgREST RPC endpoints is_trial_org and is_paying_org, allowing unauthenticated attackers to enumerate organizations and reveal billing status using the public sb_publishable key. Impact is high for confidentiality...

8.7CVSS5.9AI score0.00302EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 12:14 a.m.10 views

EUVD-2026-38100

Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints istrialorg and ispayingorg that allows unauthenticated attackers to enumerate organizations and disclose billing status using the public sbpublishable key. Attackers can invoke these endpoin...

8.7CVSS5.9AI score0.00302EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:56 a.m.7 views

Malicious code in @mastra/auth-supabase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a427f1046e59190d3e1679863dad8dadb7ea1c5b14f0b2dd2b21f586d13ab4e5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:33 p.m.16 views

Malicious code in mcp-server-supabase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85ea87cccc1a60ceb3cf3efe3d5e9839ae5e2a53beaa024a66827f2cdc2504c8 Package squats the unscoped name mcp-server-supabase to intercept npx mcp-server-supabase invocations intended for the official scoped Supabase Model...

5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/09 8:33 p.m.18 views

MAL-2026-5485 Malicious code in mcp-server-supabase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85ea87cccc1a60ceb3cf3efe3d5e9839ae5e2a53beaa024a66827f2cdc2504c8 Package squats the unscoped name mcp-server-supabase to intercept npx mcp-server-supabase invocations intended for the official scoped Supabase Model...

5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/04 6:55 p.m.28 views

MAL-2026-5187 Malicious code in supabase (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa2bdcc065a6d4c2b1512f8b68fed22618050c0435c12890c74a2f1405c62093 Withdrawn Advisory This advisory has been withdrawn because the malware detection was a false positive. This link is maintained to preserve external...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/04 6:55 p.m.47 views

Malicious code in supabase (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ffc0b5a7cfe173533053ac607e28d5e000c963fc1fd706bd9eedf57902e11c1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/22 5:16 a.m.16 views

MAL-2026-4733 Malicious code in wrld-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58965a325ad88c872b7c01668e4c08ca337b5fa022c15e626e23697d23fb594c The package exposes a public authentication API auth.user.login, auth.user.register, auth.user.get, auth.user.delete, plus an auth.system RPC surface...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 5:16 a.m.18 views

Malicious code in wrld-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58965a325ad88c872b7c01668e4c08ca337b5fa022c15e626e23697d23fb594c The package exposes a public authentication API auth.user.login, auth.user.register, auth.user.get, auth.user.delete, plus an auth.system RPC surface...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/19 11:30 p.m.11 views

MAL-2026-4390 Malicious code in @flowselections/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28cf238827c035b4f3103aff9bf803421b7d16d1c7877d7e74c5fcd71f3283b The package exports a supabase client and LoginPage component wired to a hardcoded Supabase URL https://vmicscahrnzpmhagztmx.supabase.co and anon key...

5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 11:30 p.m.12 views

Malicious code in @flowselections/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28cf238827c035b4f3103aff9bf803421b7d16d1c7877d7e74c5fcd71f3283b The package exports a supabase client and LoginPage component wired to a hardcoded Supabase URL https://vmicscahrnzpmhagztmx.supabase.co and anon key...

5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/15 8:46 a.m.19 views

Malicious Package

Overview supabase-javascript is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/13 4:27 a.m.6 views

MAL-2026-3683 Malicious code in @dropout-ai/runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2121b923a39177ed68ce5cf066cbb07891b7cb5d20ecf5ec66f2c953634eff10 On require/import, src/index.js replaces global.fetch with a wrapper that intercepts every fetch whose URL matches openai.com, anthropic.com,...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 4:27 a.m.15 views

Malicious code in @dropout-ai/runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2121b923a39177ed68ce5cf066cbb07891b7cb5d20ecf5ec66f2c953634eff10 On require/import, src/index.js replaces global.fetch with a wrapper that intercepts every fetch whose URL matches openai.com, anthropic.com,...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 12:0 a.m.13 views

Malicious code in supabase-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/13 12:0 a.m.14 views

MAL-2026-3652 Malicious code in supabase-javascript (npm)

Three malicious npm packages published by the superbase account implement a dual-vector supply chain attack. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at .claude/settings and a companion .claude/settings.json that registers the binary as a Claude Code SessionStart hoo...

5.9AI score
Exploits0References2
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.18 views

Auth 授权问题漏洞

Auth is a user authentication and management system open sourced by Supabase. There were vulnerabilities related to authorization in versions of Auth from 1.18.0 to 1.25.2, and from 2.0.0 to 2.1.2. This vulnerability stemmed from the Patreon OAuth provider, which mapped all authenticated Patreon...

9.1CVSS5.8AI score0.00417EPSS
Exploits0References1
Rows per page
Query Builder