🛡️ Supabase Security Audit

Automated Ninja Scan: 2026-04-19 03:00

User: spbs
supabase-edge-functions
CRITICAL: 0 HIGH: 28
supabase-kong
CRITICAL: 0 HIGH: 1
supabase-studio
CRITICAL: 5 HIGH: 64

Critical Vulnerabilities Details

Vulnerability ID Package Version Fixed In
CVE-2025-7458 libsqlite3-0 3.40.1-2+deb12u2 N/A
CVE-2026-6100 libpython3.11-minimal 3.11.2-6+deb12u6 N/A
CVE-2026-6100 libpython3.11-stdlib 3.11.2-6+deb12u6 N/A
CVE-2026-6100 python3.11 3.11.2-6+deb12u6 N/A
CVE-2026-6100 python3.11-minimal 3.11.2-6+deb12u6 N/A
supabase-storage
CRITICAL: 3 HIGH: 25

Critical Vulnerabilities Details

Vulnerability ID Package Version Fixed In
CVE-2026-6100 python3 3.12.12-r0 N/A
GHSA-xq3m-2v4x-88gg protobufjs 7.5.4 7.5.5
GHSA-xq3m-2v4x-88gg protobufjs 8.0.0 8.0.1
supabase-analytics
CRITICAL: 0 HIGH: 31
supabase-meta
CRITICAL: 0 HIGH: 36
realtime-dev.supabase-realtime
CRITICAL: 5 HIGH: 84

Critical Vulnerabilities Details

Vulnerability ID Package Version Fixed In
CVE-2025-7458 libsqlite3-0 3.40.1-2+deb12u2 N/A
CVE-2026-6100 libpython3.11-minimal 3.11.2-6+deb12u6 N/A
CVE-2026-6100 libpython3.11-stdlib 3.11.2-6+deb12u6 N/A
CVE-2026-6100 python3.11 3.11.2-6+deb12u6 N/A
CVE-2026-6100 python3.11-minimal 3.11.2-6+deb12u6 N/A
supabase-auth
CRITICAL: 3 HIGH: 31

Critical Vulnerabilities Details

Vulnerability ID Package Version Fixed In
CVE-2026-27143 stdlib go1.25.5 1.25.9
CVE-2025-68121 stdlib go1.25.5 1.24.13
GHSA-p77j-4mvh-x3m3 google.golang.org/grpc v1.63.2 1.79.3
supabase-pooler
CRITICAL: 8 HIGH: 137

Critical Vulnerabilities Details

Vulnerability ID Package Version Fixed In
CVE-2019-8457 libdb5.3 5.3.28+dfsg1-0.8 N/A
CVE-2025-6965 libsqlite3-0 3.34.1-3+deb11u1 N/A
CVE-2023-23914 curl 7.74.0-1.3+deb11u15 N/A
CVE-2023-23914 libcurl4 7.74.0-1.3+deb11u15 N/A
CVE-2026-5121 libarchive13 3.4.3-2+deb11u2 N/A
CVE-2026-6100 libpython3.9 3.9.2-1+deb11u3 3.9.2-1+deb11u6
CVE-2026-6100 libpython3.9-minimal 3.9.2-1+deb11u3 3.9.2-1+deb11u6
CVE-2026-6100 libpython3.9-stdlib 3.9.2-1+deb11u3 3.9.2-1+deb11u6
supabase-rest
CRITICAL: 0 HIGH: 0
supabase-db
CRITICAL: HIGH:
supabase-vector
CRITICAL: 0 HIGH: 20
supabase-imgproxy
CRITICAL: 3 HIGH: 19

Critical Vulnerabilities Details

Vulnerability ID Package Version Fixed In
CVE-2026-27143 stdlib go1.25.1 1.25.9
CVE-2025-68121 stdlib go1.25.1 1.24.13
GHSA-p77j-4mvh-x3m3 google.golang.org/grpc v1.75.1 1.79.3