Vulnerability Database

Learn about Row Level Security misconfiguration - the #1 vulnerability in Supabase apps. Understand how RLS works, why it fails, and how to properly configure it.

Learn about API key exposure vulnerabilities - when secret keys are accidentally included in frontend code. Understand detection and prevention.

Learn about Firebase Security Rules misconfiguration - why test mode is dangerous and how to write production-ready rules.

Learn about SQL injection vulnerabilities - how they work, how to detect them, and how to prevent them with parameterized queries.

Learn about service key exposure - when admin/service credentials are exposed in frontend code, bypassing all security controls.

Learn about authentication bypass vulnerabilities - ways attackers circumvent login requirements to access protected resources.

Learn about session hijacking - when attackers steal or predict session tokens to impersonate authenticated users.

Learn about command injection vulnerabilities - when user input is passed to system shell commands, allowing arbitrary code execution.

Learn about broken access control - when applications fail to properly enforce what authenticated users are allowed to do.

Learn about sensitive data exposure - when applications fail to adequately protect sensitive information like passwords, credit cards, or personal data.

Learn about secrets leaked in git repositories - when API keys, passwords, or credentials are accidentally committed to version control.

Learn about Firebase Security Rules bypass - when misconfigured rules allow unauthorized access to Firestore, Storage, or Realtime Database.

Learn about authentication bypass vulnerabilities - methods attackers use to access protected resources without valid credentials.

Learn about HTTP security headers - what they protect against, which ones you need, and how to configure them for your web application.

Learn about weak authentication vulnerabilities including missing password requirements, session handling issues, and how to strengthen your auth system.

Learn about CORS misconfiguration - when cross-origin policies are too permissive, allowing malicious sites to access your API.

Learn about XSS vulnerabilities - how attackers inject malicious scripts and how to prevent them with proper encoding and CSP.

Learn about IDOR vulnerabilities - when attackers can access other users' data by manipulating object identifiers in requests.

Learn about CSRF attacks - when malicious sites trick users into performing unwanted actions on sites where they're authenticated.

Learn about brute force attacks - automated attempts to guess passwords, API keys, or other credentials through trial and error.

Learn about credential stuffing attacks - using leaked username/password pairs from other breaches to access accounts.

Learn about NoSQL injection vulnerabilities - attacks against document databases like MongoDB through malicious query operators.

Learn about API security vulnerabilities - common weaknesses in REST and GraphQL APIs that expose data and functionality to attackers.

Learn about source map exposure - when production builds accidentally expose original source code, including business logic and secrets.

Learn about insecure cookie vulnerabilities - missing Secure, HttpOnly, and SameSite flags that leave sessions vulnerable to attacks.

Learn about information disclosure vulnerabilities - when applications reveal sensitive information through error messages, headers, or responses.

Learn about clickjacking attacks - when malicious sites overlay invisible frames to trick users into clicking unintended buttons.

Learn about mixed content vulnerabilities - when HTTPS pages load resources over insecure HTTP, compromising security.

Learn about insecure error handling - when applications reveal sensitive information through detailed error messages and stack traces.