13 matches found
CVE-2026-30870
PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in...
@powersync/cli-core (>=0.0.0-dev-20260305082615 <=0.9.2), @powersync/cli-plugin-config-edit (>=0.0.0-dev-20260305082615 <=0.9.2) +19 more potentially affected by CVE-2026-30870 via @powersync/service-sync-rules (>=0.0.0-dev-20240918082156 <=0.32.0)
@powersync/service-sync-rules NPM version =0.0.0-dev-20240918082156, =0.0.0-dev-20260305082615, =0.0.0-dev-20260305082615, =0.0.0-dev-20260305082615, =0.0.0-dev-20260305082615, =0.0.0-dev-20250827072023, =0.0.0-dev-20260114113449, =0.0.0-dev-20250827072023, =0.0.0-dev-20260225123311,...
PowerSync Service 授权问题漏洞
PowerSync Service is a local-first synchronization engine developed by PowerSync as open source. Version 1.20.0 of PowerSync Service contains an authorization vulnerability. This vulnerability arises from ignoring certain subquery filters when using a new synchronization stream, which may allow...
EUVD-2026-10416
PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in...
EUVD-2026-10417
PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in...
CVE-2026-30870
CVE-2026-30870 affects PowerSync Service (server-side of the PowerSync sync engine). In version 1.20.0, using new sync streams with config.edition: 3, certain subquery filters could be ignored when deciding which data to sync to users, potentially allowing authenticated users to receive data that...
CVE-2026-30870 Some sync filters in PowerSync Service ignored using `config.edition: 3`
PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in...
CVE-2026-30870 Some sync filters in PowerSync Service ignored using `config.edition: 3`
PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in...
CVE-2026-30870 Some sync filters in PowerSync Service ignored using `config.edition: 3`
PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in...
PowerSync: Some sync filters ignored on 1.20.0 using `config.edition: 3`
Impact In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in authenticated users syncing data that should have been restricted. Onl...
@powersync/cli-core (>=0.0.0-dev-20260305082615 <=0.9.2), @powersync/cli-plugin-config-edit (>=0.0.0-dev-20260305082615 <=0.9.2) +19 more potentially affected by CVE-2026-30870 via @powersync/service-sync-rules (=0.32.0)
@powersync/service-sync-rules NPM version =0.32.0 is affected by a known vulnerability. The following packages have a transitive dependency on @powersync/service-sync-rules and may be impacted: - @powersync/cli-core =0.0.0-dev-20260305082615, =0.0.0-dev-20260305082615, =0.0.0-dev-20260305082615,...
GHSA-Q6WC-XX4M-92FJ PowerSync: Some sync filters ignored on 1.20.0 using `config.edition: 3`
Impact In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in authenticated users syncing data that should have been restricted. Onl...
PT-2026-24089
Name of the Vulnerable Software and Affected Versions PowerSync versions prior to 1.20.1 Description The PowerSync Service, a server-side component of the PowerSync sync engine, had an issue in version 1.20.0 where subquery filters were ignored when determining data synchronization for users with...