$ vas --vulnerabilities
Deep dives into 14 common vulnerabilities found in AI-built web applications. Learn how to identify and fix security issues before attackers find them.
6 vulnerabilities in this category
Learn about Row Level Security misconfiguration - the #1 vulnerability in Supabase apps. Understand how RLS works, why it fails, and how to properly configure it.
Learn about API key exposure vulnerabilities - when secret keys are accidentally included in frontend code. Understand detection and prevention.
Learn about Firebase Security Rules misconfiguration - why test mode is dangerous and how to write production-ready rules.
Learn about SQL injection vulnerabilities - how they work, how to detect them, and how to prevent them with parameterized queries.
Learn about service key exposure - when admin/service credentials are exposed in frontend code, bypassing all security controls.
Learn about authentication bypass vulnerabilities - ways attackers circumvent login requirements to access protected resources.
5 vulnerabilities in this category
Learn about HTTP security headers - what they protect against, which ones you need, and how to configure them for your web application.
Learn about weak authentication vulnerabilities including missing password requirements, session handling issues, and how to strengthen your auth system.
Learn about CORS misconfiguration - when cross-origin policies are too permissive, allowing malicious sites to access your API.
Learn about XSS vulnerabilities - how attackers inject malicious scripts and how to prevent them with proper encoding and CSP.
Learn about IDOR vulnerabilities - when attackers can access other users' data by manipulating object identifiers in requests.
3 vulnerabilities in this category
Learn about source map exposure - when production builds accidentally expose original source code, including business logic and secrets.
Learn about insecure cookie vulnerabilities - missing Secure, HttpOnly, and SameSite flags that leave sessions vulnerable to attacks.
Learn about information disclosure vulnerabilities - when applications reveal sensitive information through error messages, headers, or responses.
VAS automatically scans for all these vulnerabilities and more. Get a full security report in minutes.