22 matches found

vulnersOsv · added 2026/01/22 6:06 p.m.

actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)

surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-3V2X-9XCV-2V2V...

AI score: 5.8 · Exploits: 0
EUVD · added 2025/10/03 8:07 p.m.

EUVD-2025-29407

Malicious code in bioql PyPI...

AI score: 6.6 · Exploits: 0 · References: 2
Github Security Blog · added 2025/09/11 9:53 p.m.

SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions

LIVE SELECT statements are used to capture changes to data within a table in real time. Documents included in WHERE conditions and DELETE notifications were not properly reduced to respect the querying user's security context. Instead the leaked documents reflect the context of the user triggerin...

CVSS: 5.7 · AI score: 6.7 · EPSS: 0.00049 · Exploits: 0 · References: 8 · Affected software: 1
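The reduction bug described in that advisory, in miniature. This is an added example and not SurrealDB's code: it models a hypothetical `secrets` table with assumed permissions (rows visible if public, owned, or to an admin; the `note` field readable only by the owner or an admin), a vulnerable fan-out that reduces the changed record once under the triggering user's context, and the fixed fan-out that reduces it per subscriber, including for DELETE notifications. All names (`Record`, `Session`, `reduce`, `notify_vulnerable`, `notify_fixed`) belong to this example.

```rust
/// A row of a hypothetical `secrets` table (assumed for this example).
#[derive(Clone, Debug, PartialEq)]
pub struct Record {
    pub id: String,
    pub owner: String,
    pub public: bool,
    /// Field with a restrictive permission: readable by the owner or an admin.
    pub note: Option<String>,
}

/// The security context a statement or a LIVE subscription runs under.
#[derive(Clone, Debug)]
pub struct Session {
    pub user: String,
    pub is_admin: bool,
}

#[allow(dead_code)]
#[derive(Clone, Debug, PartialEq)]
pub enum Action { Create, Update, Delete }

/// One notification delivered to a LIVE subscriber.
#[derive(Clone, Debug, PartialEq)]
pub struct Notification {
    pub to: String,
    pub action: Action,
    pub record: Record,
}

/// Assumed table-level SELECT permission: public rows, own rows, or admin.
fn may_select_row(s: &Session, r: &Record) -> bool {
    s.is_admin || r.public || s.user == r.owner
}

/// Assumed field-level permission on `note`: owner or admin only.
fn may_read_note(s: &Session, r: &Record) -> bool {
    s.is_admin || s.user == r.owner
}

/// Reduce a record to what `session` may see: None if the row is invisible
/// to that session, otherwise a copy with unreadable fields removed.
pub fn reduce(r: &Record, session: &Session) -> Option<Record> {
    if !may_select_row(session, r) {
        return None;
    }
    let mut out = r.clone();
    if !may_read_note(session, r) {
        out.note = None;
    }
    Some(out)
}

/// Vulnerable fan-out: the record is reduced once, under the context of the
/// user whose statement triggered the change, and that same copy is sent to
/// every subscriber. Each subscriber therefore sees whatever the triggering
/// user could see, not what their own permissions allow.
pub fn notify_vulnerable(trigger: &Session, action: Action, r: &Record, subs: &[Session]) -> Vec<Notification> {
    match reduce(r, trigger) {
        None => Vec::new(),
        Some(reduced) => subs
            .iter()
            .map(|s| Notification { to: s.user.clone(), action: action.clone(), record: reduced.clone() })
            .collect(),
    }
}

/// Fixed fan-out: reduction runs separately for each subscriber, under that
/// subscriber's own context, for every action including DELETE.
pub fn notify_fixed(action: Action, r: &Record, subs: &[Session]) -> Vec<Notification> {
    subs.iter()
        .filter_map(|s| {
            reduce(r, s).map(|record| Notification { to: s.user.clone(), action: action.clone(), record })
        })
        .collect()
}

/// Constructed scenario: alice deletes her private record while alice, bob and
/// an admin hold LIVE subscriptions on the table.
pub fn demo() -> (Vec<Notification>, Vec<Notification>) {
    let alice = Session { user: "alice".into(), is_admin: false };
    let bob = Session { user: "bob".into(), is_admin: false };
    let root = Session { user: "root".into(), is_admin: true };
    let rec = Record {
        id: "secrets:1".into(),
        owner: "alice".into(),
        public: false,
        note: Some("rotate the API key on Friday".into()),
    };
    let subs = vec![alice.clone(), bob, root];
    (
        notify_vulnerable(&alice, Action::Delete, &rec, &subs),
        notify_fixed(Action::Delete, &rec, &subs),
    )
}

fn main() {
    let (leaky, fixed) = demo();
    for n in &leaky {
        println!("vulnerable -> {}: {:?}", n.to, n.record.note);
    }
    for n in &fixed {
        println!("fixed      -> {}: {:?}", n.to, n.record.note);
    }
}
```

In the vulnerable path bob receives alice's private note because the reduction ran as alice; in the fixed path bob receives no notification at all, and for a public row he would receive it with `note` stripped.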
vulnersOsv · added 2025/04/11 2:09 p.m.

actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)

surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-5Q9X-554G-9JGG...

AI score: 5.8 · Exploits: 0
OSV · added 2025/04/11 2:09 p.m.

GHSA-5Q9X-554G-9JGG SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF)

SurrealDB offers http functions that can access external network endpoints. A typical, albeit not recommended configuration would be to start SurrealDB with all network connections allowed with the exception of a deny list. For example, surreal start --allow-net --deny-net 10.0.0.0/8 will allow a...

CVSS: 5.8 · AI score: 6.9 · Exploits: 0 · References: 3
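The deny-list bypass in that advisory, as an added example rather than SurrealDB's own code: a deny-net check that runs only against the URL named in the query is defeated when the first server answers with a redirect into the denied range, and the fix is to re-run the check on every hop before it is requested. The network is replaced by a constructed table of URL-to-response mappings so the example runs offline; hosts are literal IPv4 addresses, and a real client must additionally resolve hostnames and check every resolved address on every hop. `Cidr`, `fetch_check_once`, `fetch_check_each_hop` and the addresses used are this example's own.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;

/// An IPv4 network in CIDR notation, e.g. the "10.0.0.0/8" from the advisory.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Cidr {
    net: u32,
    prefix: u32,
}

impl Cidr {
    pub fn parse(s: &str) -> Option<Cidr> {
        let (ip, bits) = s.split_once('/')?;
        let ip: Ipv4Addr = ip.parse().ok()?;
        let prefix: u32 = bits.parse().ok()?;
        if prefix > 32 {
            return None;
        }
        Some(Cidr { net: u32::from(ip), prefix })
    }

    pub fn contains(&self, addr: Ipv4Addr) -> bool {
        let mask = if self.prefix == 0 { 0 } else { u32::MAX << (32 - self.prefix) };
        (u32::from(addr) & mask) == (self.net & mask)
    }
}

/// Host of a URL written with a literal IPv4 address ("http://10.0.0.5/x").
/// Hostnames are rejected in this example; a real client must resolve them and
/// apply the same deny check to every resolved address, on every hop.
fn literal_host(url: &str) -> Result<Ipv4Addr, String> {
    let rest = url
        .strip_prefix("http://")
        .or_else(|| url.strip_prefix("https://"))
        .ok_or_else(|| format!("unsupported scheme: {url}"))?;
    let authority = rest.split('/').next().unwrap_or("");
    let host = authority.rsplit_once(':').map_or(authority, |(h, _)| h);
    host.parse().map_err(|_| format!("host is not a literal IPv4 address: {url}"))
}

/// The deny-net policy: reject any URL whose host falls in a denied network.
fn check_deny(url: &str, deny: &[Cidr]) -> Result<Ipv4Addr, String> {
    let ip = literal_host(url)?;
    if deny.iter().any(|c| c.contains(ip)) {
        return Err(format!("{url} is blocked by deny-net"));
    }
    Ok(ip)
}

/// Constructed stand-in for the network: each URL maps to a redirect or a body.
pub enum Reply {
    Redirect(&'static str),
    Body(&'static str),
}
pub type World = HashMap<&'static str, Reply>;

const MAX_REDIRECTS: usize = 5;

/// Vulnerable pattern: deny-net is evaluated once, against the URL the query
/// named, and Location headers are then followed without re-checking.
pub fn fetch_check_once(url: &str, deny: &[Cidr], world: &World) -> Result<String, String> {
    check_deny(url, deny)?;
    let mut current = url;
    for _ in 0..=MAX_REDIRECTS {
        match world.get(current) {
            Some(Reply::Body(b)) => return Ok(b.to_string()),
            Some(Reply::Redirect(next)) => current = *next,
            None => return Err(format!("no route to {current}")),
        }
    }
    Err("too many redirects".to_string())
}

/// Hardened pattern: every hop, including each redirect target, passes the
/// deny check before it is requested.
pub fn fetch_check_each_hop(url: &str, deny: &[Cidr], world: &World) -> Result<String, String> {
    let mut current = url;
    for _ in 0..=MAX_REDIRECTS {
        check_deny(current, deny)?;
        match world.get(current) {
            Some(Reply::Body(b)) => return Ok(b.to_string()),
            Some(Reply::Redirect(next)) => current = *next,
            None => return Err(format!("no route to {current}")),
        }
    }
    Err("too many redirects".to_string())
}

/// Constructed scenario: a public host whose /jump endpoint redirects into
/// 10.0.0.0/8, the network the deny list is meant to protect.
pub fn demo_world() -> World {
    let mut w = World::new();
    w.insert("http://203.0.113.10/ok", Reply::Body("public page"));
    w.insert("http://203.0.113.10/jump", Reply::Redirect("http://10.0.0.5/admin"));
    w.insert("http://10.0.0.5/admin", Reply::Body("internal admin page"));
    w
}

fn main() {
    let deny = [Cidr::parse("10.0.0.0/8").unwrap()];
    let world = demo_world();
    println!("check once:     {:?}", fetch_check_once("http://203.0.113.10/jump", &deny, &world));
    println!("check each hop: {:?}", fetch_check_each_hop("http://203.0.113.10/jump", &deny, &world));
}
```

With `--deny-net 10.0.0.0/8` semantics, the direct request to `10.0.0.5` is refused by both variants, but only the per-hop variant refuses the redirect that lands there.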
vulnersOsv · added 2025/04/11 2:09 p.m.

actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)

surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-PXW4-94J3-V9PF...

AI score: 5.8 · Exploits: 0
vulnersOsv · added 2025/04/11 2:08 p.m.

actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)

surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-3824-QMFQ-2QV7...

AI score: 5.8 · Exploits: 0
Positive Technologies · added 2025/04/11 12:00 a.m.

PT-2025-16150 · Crates.Io · Surrealdb

SurrealDB allows authenticated users with OWNER or EDITOR permissions at the root, database or namespace levels to define their own database functions using the DEFINE FUNCTION statement. A custom database function comprises a name together with a function body. In the function body, the user...

CVSS: 7.1 · AI score: 7.5 · Exploits: 0 · References: 4
OSV · added 2025/04/10 9:08 p.m.

GHSA-2CVJ-G5R5-JRRG SurrealDB has local file read of 2-column TSV files via analyzers

An authenticated system user at the root, namespace, or database levels can use the DEFINE ANALYZER statement to point to arbitrary file locations on the file system, and should the file be tab separated with two columns, the analyzer can be leveraged to exfiltrate the content. This issue was...

CVSS: 2.3 · AI score: 7.2 · Exploits: 0 · References: 3
OSV · added 2025/04/10 9:07 p.m.

GHSA-M7RC-8W7M-R9QR SurrealDB vulnerable to memory exhaustion via nested functions and scripts

In order to prevent DoS situations due to infinite recursions, SurrealDB implements a limit of nested calls for both native functions and embedded JavaScript functions. However, in SurrealDB instances with embedded scripting functions enabled, it was found that this limit can be circumvented by...

CVSS: 6.0 · AI score: 6.5 · Exploits: 0 · References: 2
Github Security Blog · added 2025/04/10 9:07 p.m.

SurrealDB vulnerable to memory exhaustion via nested functions and scripts

In order to prevent DoS situations due to infinite recursions, SurrealDB implements a limit of nested calls for both native functions and embedded JavaScript functions. However, in SurrealDB instances with embedded scripting functions enabled, it was found that this limit can be circumvented by...

AI score: 6.5 · Exploits: 0 · References: 2 · Affected software: 1
vulnersOsv · added 2025/04/10 9:07 p.m.

actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)

surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-M7RC-8W7M-R9QR...

AI score: 5.8 · Exploits: 0
vulnersOsv · added 2025/04/10 9:05 p.m.

actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)

surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-RQ86-9M6R-CM3G...

AI score: 5.8 · Exploits: 0
OSV · added 2025/04/10 9:05 p.m.

GHSA-RQ86-9M6R-CM3G SurrealDB has uncaught exception in Net module that leads to database crash

A vulnerability was found where an attacker can crash the database by crafting an HTTP query that returns a null byte. The problem lies in an uncaught exception in the net module, where the result of the query is converted to JSON before being shown as the HTTP response to the user in the /sql...

CVSS: 7.1 · AI score: 7.3 · Exploits: 0 · References: 3
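The defensive shape of a fix for that bug class, as an added example and not SurrealDB's code. The advisory summary does not say which conversion threw, so the example shows the two properties a handler for attacker-controlled response bodies needs: a total conversion from bytes to a JSON string literal (invalid UTF-8 replaced, every control character including NUL escaped per RFC 8259), and a panic boundary around the rendering step so that any remaining panic becomes an error response instead of a process crash. `fragile_conversion` is a constructed contrast that unwraps on a NUL-rejecting API; `body_to_json_string` and `render_response` are this example's own names.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};

/// JSON-encode an arbitrary byte body as a string literal without panicking:
/// invalid UTF-8 becomes U+FFFD and control characters, NUL included, are
/// escaped as RFC 8259 requires.
pub fn body_to_json_string(body: &[u8]) -> String {
    let text = String::from_utf8_lossy(body);
    let mut out = String::with_capacity(text.len() + 2);
    out.push('"');
    for c in text.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\n' => out.push_str("\\n"),
            '\r' => out.push_str("\\r"),
            '\t' => out.push_str("\\t"),
            '\u{08}' => out.push_str("\\b"),
            '\u{0C}' => out.push_str("\\f"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out.push('"');
    out
}

/// Constructed contrast, not SurrealDB's code: a conversion that assumes the
/// body is clean and unwraps. CString rejects interior NUL, so a body with a
/// \0 panics here, and an unhandled panic inside a request handler can take
/// the server down.
pub fn fragile_conversion(body: &[u8]) -> String {
    let s = String::from_utf8(body.to_vec()).expect("valid utf-8");
    let c = std::ffi::CString::new(s).expect("no interior NUL");
    format!("\"{}\"", c.to_str().unwrap())
}

/// Render a /sql-style JSON response through a panic boundary: a converter
/// that still panics yields an error document rather than killing the process.
pub fn render_response(convert: fn(&[u8]) -> String, body: &[u8]) -> String {
    match catch_unwind(AssertUnwindSafe(|| convert(body))) {
        Ok(json) => format!("{{\"status\":\"OK\",\"result\":{json}}}"),
        Err(_) => "{\"status\":\"ERR\",\"result\":\"response body could not be encoded\"}".to_string(),
    }
}

fn main() {
    // Constructed body with an embedded NUL, standing in for a hostile HTTP reply.
    let hostile: &[u8] = b"hello\0world";
    println!("{}", render_response(body_to_json_string, hostile));
    println!("{}", render_response(fragile_conversion, hostile));
}
```

The panic boundary is defence in depth only; it relies on the default unwinding panic strategy and does not replace making the conversion total in the first place.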
Positive Technologies · added 2025/04/10 12:00 a.m.

PT-2025-16019 · Crates.Io · Surrealdb

An authenticated system user at the root, namespace, or database levels can use the DEFINE ANALYZER statement to point to arbitrary file locations on the file system, and should the file be tab separated with two columns, the analyzer can be leveraged to exfiltrate the content. This issue was...

CVSS: 2.3 · AI score: 7.3 · Exploits: 0 · References: 4
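The path-confinement check that closes the analyzer file-read described in this entry and in the GHSA-2CVJ-G5R5-JRRG entry above, as an added example that is not SurrealDB's code: the requested file is canonicalized (which follows symlinks and collapses `..`) and must remain under an allowed root before it is opened, and the loader only accepts the two-column tab-separated shape the advisory describes. The example creates its own throwaway directory under the system temp dir so it runs offline; `confine`, `load_tsv_confined` and `setup_demo_root` are this example's names.

```rust
use std::fs;
use std::path::{Path, PathBuf};

/// Resolve `requested` against `root` and verify it stays inside `root`.
/// canonicalize() follows symlinks and collapses "..", so both traversal and
/// a symlink pointing out of the directory are rejected. Path::join replaces
/// the root when `requested` is absolute, so absolute paths are caught too.
pub fn confine(root: &Path, requested: &Path) -> Result<PathBuf, String> {
    let root = fs::canonicalize(root).map_err(|e| format!("bad root {}: {e}", root.display()))?;
    let candidate = root.join(requested);
    let resolved = fs::canonicalize(&candidate)
        .map_err(|e| format!("cannot resolve {}: {e}", candidate.display()))?;
    if !resolved.starts_with(&root) {
        return Err(format!("{} escapes {}", resolved.display(), root.display()));
    }
    Ok(resolved)
}

/// Load a two-column, tab-separated mapping file, the shape the advisory says
/// the analyzer accepts, but only from inside `root`.
pub fn load_tsv_confined(root: &Path, requested: &Path) -> Result<Vec<(String, String)>, String> {
    let path = confine(root, requested)?;
    let text = fs::read_to_string(&path).map_err(|e| format!("read {}: {e}", path.display()))?;
    let mut rows = Vec::new();
    for (n, line) in text.lines().enumerate() {
        if line.is_empty() {
            continue;
        }
        match line.split_once('\t') {
            Some((a, b)) if !b.contains('\t') => rows.push((a.to_string(), b.to_string())),
            _ => return Err(format!("line {}: expected exactly two tab-separated columns", n + 1)),
        }
    }
    Ok(rows)
}

/// Build a throwaway analyzer directory holding one valid mapping file
/// (constructed content), so the example runs offline. Returns the root.
pub fn setup_demo_root() -> PathBuf {
    let root = std::env::temp_dir().join(format!("analyzer-demo-{}", std::process::id()));
    fs::create_dir_all(&root).expect("create demo root");
    fs::write(root.join("synonyms.tsv"), "colour\tcolor\ngrey\tgray\n").expect("write mapping");
    root
}

fn main() {
    let root = setup_demo_root();
    println!("inside root:   {:?}", load_tsv_confined(&root, Path::new("synonyms.tsv")));
    println!("traversal:     {:?}", load_tsv_confined(&root, Path::new("../../etc/passwd")));
    println!("absolute path: {:?}", load_tsv_confined(&root, Path::new("/etc/passwd")));
    let _ = fs::remove_dir_all(&root);
}
```

Canonicalizing both the root and the candidate before the prefix comparison matters: comparing the unresolved strings would let `root/../other` or a symlink inside the root pass.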
vulnersOsv · added 2024/11/22 8:11 p.m.

actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)

surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-M52V-24P8-654F...

AI score: 5.8 · Exploits: 0
vulnersOsv · added 2024/11/22 8:11 p.m.

actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)

surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-JC55-246C-R88F...

AI score: 5.8 · Exploits: 0
vulnersOsv · added 2024/11/22 8:11 p.m.

actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)

surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-H4F5-H82V-5W4R...

AI score: 5.8 · Exploits: 0
vulnersOsv · added 2024/10/08 10:21 p.m.

actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)

surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-9722-9J67-VJCR...

AI score: 5.8 · Exploits: 0
vulnersOsv · added 2024/02/21 12:04 a.m.

actix-session-surrealdb (>=0.1.0 <=0.1.5) potentially affected by unknown CVE via surrealdb (=1.0.0-beta.9)

surrealdb CARGO version =1.0.0-beta.9 is affected by a known vulnerability. The following packages have a transitive dependency on surrealdb and may be impacted: - actix-session-surrealdb =0.1.0, =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-Q3GG-M8HR-H4X4...

AI score: 5.8 · Exploits: 0