Security: bytebase/dbhub
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Read-only mode can be bypassed on the MySQL and MariaDB connectors, allowing arbitrary writes and DDL (for example DROP TABLE) through a query that passes the read-only check. DBHub treats "--" as a comment regardless of the next character, but MySQL and MariaDB only start a "--" comment when it is followed by whitespace, so a statement hidden after "--" is ignored by the read-only check yet executed by the database. The MySQL/MariaDB connectors run with multipleStatements enabled and execute the original query string.
GHSA-j656-3hf2-fvjc published Jun 24, 2026 by tianzhou (High)

Read-only mode does not prevent database writes
GHSA-mwwr-p57h-56pf published Jun 24, 2026 by tianzhou (High)

DBHub HTTP transport DNS rebinding allows unauthenticated browser-origin SQL execution
GHSA-fm8p-53ww-hf6w published Jun 24, 2026 by tianzhou (High)
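
The comment-rule mismatch described in GHSA-j656-3hf2-fvjc, as an added example (not DBHub's code): one statement splitter that can apply either the "always a comment" rule or the MySQL/MariaDB rule for "--", feeding a read-only check. The function names, the keyword allowlist (a simplified stand-in for a real read-only check) and the sample query are constructed for illustration.

```javascript
// Added example, not DBHub code. CONSTRUCTED_QUERY is a constructed regression input.
const CONSTRUCTED_QUERY = "SELECT 5--1; DROP TABLE t";
const READ_ONLY = /^(select|show|describe|desc|explain)\b/i; // simplified allowlist

// Split into comment-free statements. With mysqlDashRule=false, "--" always
// starts a comment (the flawed rule); with true, only when followed by
// whitespace, a control character or end of input, as the server does.
function splitStatements(sql, mysqlDashRule) {
  const stmts = [];
  let cur = "";
  let i = 0;
  while (i < sql.length) {
    const c = sql[i];
    if (c === "'" || c === '"' || c === "`") {
      // Copy quoted text verbatim so markers inside literals are ignored.
      let j = i + 1;
      while (j < sql.length && sql[j] !== c) j += sql[j] === "\\" && c !== "`" ? 2 : 1;
      cur += sql.slice(i, j + 1);
      i = j + 1;
    } else if (sql.startsWith("/*", i)) {
      const end = sql.indexOf("*/", i + 2);
      i = end === -1 ? sql.length : end + 2;
      cur += " ";
    } else if (c === "#" || (sql.startsWith("--", i) && (!mysqlDashRule ||
               i + 2 >= sql.length || /[\s\x00-\x1f]/.test(sql[i + 2])))) {
      while (i < sql.length && sql[i] !== "\n") i++; // drop to end of line
    } else if (c === ";") {
      stmts.push(cur);
      cur = "";
      i++;
    } else {
      cur += c;
      i++;
    }
  }
  stmts.push(cur);
  return stmts;
}

// Every statement must be on the allowlist, not just the first one.
function isReadOnly(sql, mysqlDashRule = true) {
  if (/\/\*M?!/.test(sql)) return false; // executable comments run as SQL: reject
  const stmts = splitStatements(sql, mysqlDashRule).map((s) => s.trim()).filter(Boolean);
  return stmts.length > 0 && stmts.every((s) => READ_ONLY.test(s));
}
```

With the flawed rule the checker sees only `SELECT 5` in the constructed query; with the server's rule it sees both statements and rejects the second.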