Vulnerabilities for surrealdb

surrealdb

Title	Severity	Date	Affected Version
CVE-2025-11060	Medium	Sep 11, 2025	>= 2.3.0 < 2.3.8 >= 2.2.0 < 2.2.8 < 2.1.9 >= 3.0.0-alpha.0 < 3.0.0-alpha.8
SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF)	Medium	Apr 11, 2025	>= 2.2.0 < 2.2.2 >= 2.1.0 < 2.1.5 < 2.0.5
SurrealDB CPU exhaustion via custom functions result in total DoS	High	Apr 11, 2025	>= 2.2.0 < 2.2.2 >= 2.1.0 < 2.1.5 < 2.0.5
SurrealDB no JavaScript script function default timeout could facilitate DoS	Low	Apr 11, 2025	>= 2.2.0 < 2.2.2 < 2.0.5 >= 2.1.0 < 2.1.5
SurrealDB memory exhaustion via string::replace using regex	High	Apr 11, 2025	>= 2.2.0 < 2.2.2 >= 2.1.0 < 2.1.5 < 2.0.5
SurrealDB server-takeover via SurrealQL injection on backup import	Critical	Apr 11, 2025	>= 2.2.0 < 2.2.2 >= 2.1.0 < 2.1.5 < 2.0.5
SurrealDB has local file read of 2-column TSV files via analyzers	Low	Apr 10, 2025	>= 2.2.0 < 2.2.2 < 2.1.5
SurrealDB vulnerable to memory exhaustion via nested functions and scripts	Medium	Apr 10, 2025	>= 2.2.0 < 2.2.2 >= 2.1.0 < 2.1.5 < 2.0.5
SurrealDB has uncaught exception in Net module that leads to database crash	High	Apr 10, 2025	>= 2.2.0 < 2.2.2 >= 2.1.0 < 2.1.5 < 2.0.5
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User	Medium	Jul 11, 2024	< 1.5.4 >= 2.0.0-alpha.1 < 2.0.0-alpha.6