Package impact
Go / github.com/dgraph-io/dgraph/v25
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-41492 | critical | 9.8 | 9.8 | 1mo ago | Dgraph: Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars | |
| CVE-2026-41328 | critical | 9.1 | 9.1 | 1mo ago | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field | |
| CVE-2026-41327 | critical | 9.1 | 9.1 | 1mo ago | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field | |
| CVE-2026-40173 | unknown | — | — | 1mo ago | Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints | |
| CVE-2026-34976 | unknown | — | — | 2mo ago | Dgraph: Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization |