5 matches found
dbgate (>=3.9.6 <=4.7.4-alpha.12), dbgate-serve (>=4.1.1 <=7.1.13) +1 more potentially affected by CVE-2026-6216 via dbgate-web (>=3.9.6 <=7.1.4)
dbgate-web NPM version =3.9.6, =3.9.6, =4.1.1, =5.2.2, =7.1.13 Source cves: CVE-2026-6216 Source advisory: OSV:GHSA-J8J5-7R4H-VJ2G...
dbgate-serve (>=7.1.3-alpha.3 <=7.1.13), dbmodel (>=7.1.3-alpha.3 <=7.1.13) potentially affected by CVE-2026-6216 via dbgate-web (>=7.1.10 <=7.1.4)
dbgate-web NPM version =7.1.10, =7.1.3-alpha.3, =7.1.3-alpha.3, =7.1.13 Source cves: CVE-2026-6216 Source advisory: SNYK:JS-DBGATEWEB-16083995...
dbgate-serve (>=7.1.3-alpha.3 <=7.1.13), dbmodel (>=7.1.3-alpha.3 <=7.1.13) potentially affected by CVE-2026-34725 via dbgate-web (>=7.1.10 <=7.1.4)
dbgate-web NPM version =7.1.10, =7.1.3-alpha.3, =7.1.3-alpha.3, =7.1.13 Source cves: CVE-2026-34725 Source advisory: SNYK:JS-DBGATEWEB-15915631...
Arbitrary Code Injection
Overview dbgate-web is a This package is used internally by DbGate Affected versions of this package are vulnerable to Arbitrary Code Injection through the FontIcon rendering path in packages/web/src/icons/FontIcon.svelte. An attacker can execute arbitrary JavaScript in a victim’s browser, or...
dbgate-serve (>=7.1.3-alpha.3 <=7.1.13), dbmodel (>=7.1.3-alpha.3 <=7.1.13) potentially affected by CVE-2026-34725 via dbgate-web (>=7.1.10 <=7.1.4)
dbgate-web NPM version =7.1.10, =7.1.3-alpha.3, =7.1.3-alpha.3, =7.1.13 Source cves: CVE-2026-34725 Source advisory: OSV:GHSA-35XM-QVJG-8M42...