Dgraph-io Dgraph
6 CVEs affecting Dgraph-io Dgraph. Latest disclosed: 2026-04-24. Critical: 5, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-34976 | Critical | 10.0 | 2026-04-06 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config (a… |
| CVE-2026-41492 | Critical | 9.8 | 2026-04-24 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraph exposes the process command line through the unauthenticated /debug/vars endpoi… |
| CVE-2026-40173 | Critical | 9.4 | 2026-04-15 | Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debu… |
| CVE-2026-41328 | Critical | 9.1 | 2026-04-24 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full re… |
| CVE-2026-41327 | Critical | 9.1 | 2026-04-24 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full re… |
| CVE-2023-31135 | Low | 3.3 | 2023-05-17 | Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 b… |