VYPR

Dgraph

by Dgraph

CVEs (5)

  • CVE-2026-34976 | Critical | Apr 6, 2026
    risk 0.58 | cvss 10.0 | epss 0.00

    Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config (admin.go), making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy…

  • CVE-2026-41492 | Critical | Apr 24, 2026
    risk 0.57 | cvss 9.8 | epss 0.02

    Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraph exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an…

  • CVE-2026-40173 | Critical | Apr 15, 2026
    risk 0.54 | cvss 9.4 | epss 0.01

    Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full…

  • CVE-2026-41328 | Critical | Apr 24, 2026
    risk 0.52 | cvss 9.1 | epss 0.00

    Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled.…

  • CVE-2026-41327 | Critical | Apr 24, 2026
    risk 0.52 | cvss 9.1 | epss 0.00

    Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled.…