VYPR

npm package

dbgate-web

pkg:npm/dbgate-web

Vulnerabilities (2)

  • CVE-2026-6216LowApr 13, 2026
    affected < 7.1.5fixed 7.1.5

    A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The att

  • CVE-2026-34725HigApr 2, 2026
    affected >= 7.0.0, < 7.1.5fixed 7.1.5

    DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another use