Browse all 6 CVE security advisories affecting dgraph-io. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Dgraph-io provides a distributed graph database focused on scalable data management and query processing. Historically, its vulnerabilities have commonly included remote code execution flaws, cross-site scripting issues, and privilege escalation risks, often stemming from input validation failures and access control weaknesses. While no major public security incidents have been widely documented, the six CVEs on record highlight persistent concerns around API security and improper handling of user inputs. The platform's distributed architecture introduces additional attack surfaces, particularly in inter-node communication protocols. Security researchers note that while vulnerabilities exist, the project maintains relatively rapid patch cycles compared to similar database solutions.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41492 | Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph — dgraph, CWE-200 | 9.8 | Critical | 2026-04-24 |
| CVE-2026-41327 | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field — dgraph, CWE-943 | 9.1 | Critical | 2026-04-24 |
| CVE-2026-41328 | Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field — dgraph, CWE-943 | 9.1 | Critical | 2026-04-24 |
| CVE-2026-40173 | Dgraph: Unauthenticated pprof endpoint leaks admin auth token — dgraph, CWE-200 | 9.4 | Critical | 2026-04-15 |
| CVE-2026-34976 | Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization — dgraph, CWE-862 | 10.0 | Critical | 2026-04-06 |
| CVE-2023-31135 | Dgraph Audit Log Encryption nonce reuse — dgraph, CWE-326 | 3.3 | Low | 2023-05-17 |

This page lists every published CVE security advisory associated with dgraph-io. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.