| Title | Severity | Exploit | Date | Affected Version |
|---|---|---|---|---|
| SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions | Medium | | Sep 11, 2025 | >= 2.3.0 < 2.3.8; >= 2.2.0 < 2.2.8; < 2.1.9 |
| SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF) | Medium | | Apr 11, 2025 | >= 2.2.0 < 2.2.2; >= 2.1.0 < 2.1.5; < 2.0.5 |
| SurrealDB CPU exhaustion via custom functions result in total DoS | High | | Apr 11, 2025 | >= 2.2.0 < 2.2.2; >= 2.1.0 < 2.1.5; < 2.0.5 |
| SurrealDB no JavaScript script function default timeout could facilitate DoS | Low | | Apr 11, 2025 | >= 2.2.0 < 2.2.2; < 2.0.5; >= 2.1.0 < 2.1.5 |
| SurrealDB memory exhaustion via string::replace using regex | High | | Apr 11, 2025 | >= 2.2.0 < 2.2.2; >= 2.1.0 < 2.1.5; < 2.0.5 |
| SurrealDB server-takeover via SurrealQL injection on backup import | Critical | | Apr 11, 2025 | >= 2.2.0 < 2.2.2; >= 2.1.0 < 2.1.5; < 2.0.5 |
| SurrealDB has local file read of 2-column TSV files via analyzers | Low | | Apr 10, 2025 | >= 2.2.0 < 2.2.2; < 2.1.5 |
| SurrealDB vulnerable to memory exhaustion via nested functions and scripts | Medium | | Apr 10, 2025 | >= 2.2.0 < 2.2.2; >= 2.1.0 < 2.1.5; < 2.0.5 |
| SurrealDB has uncaught exception in Net module that leads to database crash | High | | Apr 10, 2025 | >= 2.2.0 < 2.2.2; >= 2.1.0 < 2.1.5; < 2.0.5 |
| SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User | Medium | | Jul 11, 2024 | < 1.5.4; >= 2.0.0-alpha.1 < 2.0.0-alpha.6 |