Dbgate

Source repositories

https://github.com/dbgate/dbgate

CVEs (8)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-47670	Dbgate Dbgate	cri	0.52	—	—	Jun 5, 2026	### Summary DbGate is vulnerable to authenticated Remote Code Execution (RCE). Any user with valid DbGate credentials can execute arbitrary OS commands as root by exploiting an unsanitized `functionName` parameter in the `/runners/load-reader` endpoint. The `require = null`…
CVE-2026-47669	Dbgate Dbgate	cri	0.52	—	—	Jun 5, 2026	The `unzipDirectory()` function in `packages/api/src/shell/unzipDirectory.js` (line 27) does not validate that extracted file paths stay within the output directory. A malicious ZIP with `../` entries writes files anywhere on the filesystem. In the default Docker deployment,…
CVE-2026-47668	Dbgate Dbgate	cri	0.52	—	—	Jun 5, 2026	### Summary DbGate's JSON script runner (`POST /runners/start`) allows remote code execution via code injection in the `functionName` parameter of JSON script `assign` commands. The `functionName` value is interpolated directly into dynamically generated JavaScript source code…
CVE-2026-34725	Dbgate Dbgate	Hig	0.46	8.2	0.00	Apr 2, 2026	DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another…
CVE-2025-50185	Dbgate Dbgate	Hig	0.46	—	0.01	Jul 26, 2025	DbGate is cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their…
CVE-2025-50184	Dbgate Dbgate	Hig	0.39	—	0.00	Jul 26, 2025	DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the…
CVE-2026-48017	Dbgate Dbgate	hig	0.38	—	—	Jun 5, 2026	### Summary The `POST /runners/load-reader` endpoint in DbGate accepts a `functionName` parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user (with basic access, no special permissions required) can…
CVE-2026-6216	Dbgate Dbgate	Low	0.16	3.5	0.00	Apr 13, 2026	A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The…

CVE-2026-47670criJun 5, 2026
Dbgate
Dbgate
risk 0.52cvss —epss —
### Summary DbGate is vulnerable to authenticated Remote Code Execution (RCE). Any user with valid DbGate credentials can execute arbitrary OS commands as root by exploiting an unsanitized `functionName` parameter in the `/runners/load-reader` endpoint. The `require = null`…
CVE-2026-47669criJun 5, 2026
Dbgate
Dbgate
risk 0.52cvss —epss —
The `unzipDirectory()` function in `packages/api/src/shell/unzipDirectory.js` (line 27) does not validate that extracted file paths stay within the output directory. A malicious ZIP with `../` entries writes files anywhere on the filesystem. In the default Docker deployment,…
CVE-2026-47668criJun 5, 2026
Dbgate
Dbgate
risk 0.52cvss —epss —
### Summary DbGate's JSON script runner (`POST /runners/start`) allows remote code execution via code injection in the `functionName` parameter of JSON script `assign` commands. The `functionName` value is interpolated directly into dynamically generated JavaScript source code…
CVE-2026-34725HigApr 2, 2026
Dbgate
Dbgate
risk 0.46cvss 8.2epss 0.00
DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another…
CVE-2025-50185HigJul 26, 2025
Dbgate
Dbgate
risk 0.46cvss —epss 0.01
DbGate is cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their…
CVE-2025-50184HigJul 26, 2025
Dbgate
Dbgate
risk 0.39cvss —epss 0.00
DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the…
CVE-2026-48017higJun 5, 2026
Dbgate
Dbgate
risk 0.38cvss —epss —
### Summary The `POST /runners/load-reader` endpoint in DbGate accepts a `functionName` parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user (with basic access, no special permissions required) can…
CVE-2026-6216LowApr 13, 2026
Dbgate
Dbgate
risk 0.16cvss 3.5epss 0.00
A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The…