Lucene search
K

126 matches found

CVE
CVE
added 2025/05/27 3:27 p.m.64 views

CVE-2025-48370

CVE-2025-48370 affects the auth-js library (Supabase Auth). Before 2.69.1, functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require UUIDs for user-controlled inputs, enabling potential URL path traversal and invocation of the wrong API function. The issue ta...

6.9CVSS5.2AI score0.00745EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/27 12:0 a.m.5 views

auth-js 路径遍历漏洞

auth-js is a Supabase Auth isomorphic Javascript library open-sourced by Supabase. A path traversal vulnerability exists in versions of auth-js prior to 2.69.1, which stems from an unvalidated user-supplied UUID and could lead to URL path traversal...

6.9CVSS6.4AI score0.00745EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:48 a.m.22 views

CVE-2024-34354

CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is the user JWT Token is not verified on server session. You should take the patch...

6.5CVSS6.5AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:23 a.m.5 views

CVE-2024-24213

Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pgmeta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically,...

9.8CVSS9.7AI score0.00786EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:20 a.m.10 views

CVE-2024-5885

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery SSRF vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain acces...

8.6CVSS8.6AI score0.00554EPSS
Exploits1References1
OSV
OSV
added 2024/10/16 1:21 p.m.2 views

MAL-2024-9871 Malicious code in supabase-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b78f378246a539beb5412842ab5c310cac8566237afbc3ecb3535f85ca74b5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 1:21 p.m.7 views

Malicious code in supabase-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b78f378246a539beb5412842ab5c310cac8566237afbc3ecb3535f85ca74b5b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
NVD
NVD
added 2024/06/27 7:15 p.m.35 views

CVE-2024-5885

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery SSRF vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain acces...

8.6CVSS0.00554EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/27 6:45 p.m.14 views

CVE-2024-5885 Server-Side Request Forgery (SSRF) in stangirard/quivr

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery SSRF vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain acces...

8.6CVSS7.2AI score0.00554EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/06/27 6:45 p.m.29 views

CVE-2024-5885 Server-Side Request Forgery (SSRF) in stangirard/quivr

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery SSRF vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnerability could allow a malicious user to gain acces...

8.6CVSS0.00554EPSS
Exploits1References1
CVE
CVE
added 2024/06/27 6:45 p.m.52 views

CVE-2024-5885

CVE-2024-5885 concerns the Quivr project: stangirard/quivr v0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The issue arises from insufficient controls when the crawler accesses external websites, enabling an attacker to reach internal/local-network resources, including inter...

8.6CVSS8.6AI score0.00554EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2024/05/14 3:38 p.m.34 views

CVE-2024-34354

CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is the user JWT Token is not verified on server session. You should take the patch...

6.5CVSS6.4AI score0.00292EPSS
Exploits0References3
OSV
OSV
added 2024/05/09 2:51 p.m.33 views

CVE-2024-34354 CMSaasStarter: JWT Token Not Verified on Server Session

CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is the user JWT Token is not verified on server session. You should take the patch...

6.5CVSS6.8AI score0.00292EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/05/09 2:51 p.m.14 views

CVE-2024-34354 CMSaasStarter: JWT Token Not Verified on Server Session

CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is the user JWT Token is not verified on server session. You should take the patch...

6.5CVSS6.8AI score0.00292EPSS
Exploits0References3
CVE
CVE
added 2024/05/09 2:51 p.m.55 views

CVE-2024-34354

CMSaaSStarter JWT token not verified on server session affects forks prior to commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6. Affected software: CMSaaSStarter templates, built with SvelteKit/Tailwind/Supabase. Root cause: user JWT token not validated on the server session. Remediation: apply pat...

6.5CVSS6.7AI score0.00292EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/09 2:51 p.m.45 views

CVE-2024-34354 CMSaasStarter: JWT Token Not Verified on Server Session

CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is the user JWT Token is not verified on server session. You should take the patch...

6.5CVSS6.6AI score0.00292EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:2 a.m.15 views

BIT-POSTGRESQL-2024-24213

Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pgmeta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically,...

9.8CVSS9.8AI score0.00786EPSS
Exploits0References5
NVD
NVD
added 2024/02/08 6:15 p.m.15 views

CVE-2024-24213

Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pgmeta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically,...

9.8CVSS9.8AI score0.00786EPSS
Exploits0References5
OSV
OSV
added 2024/02/08 6:15 p.m.5 views

CVE-2024-24213

Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pgmeta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically,...

9.8CVSS9.8AI score0.00786EPSS
Exploits0References5
Prion
Prion
added 2024/02/08 6:15 p.m.17 views

Sql injection

Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pgmeta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically,...

7.5CVSS9.8AI score0.00786EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder