{"package":"github.com/dgraph-io/dgraph/v24","ecosystem":"go","latest_version":"v24.1.8","description":"high-performance graph database for real-time use cases","license":"","license_risk":"unknown","commercial_use_notes":"No license declared in registry metadata — verify manually before commercial use.","homepage":"https://pkg.go.dev/github.com/dgraph-io/dgraph/v24","repository":"https://github.com/dgraph-io/dgraph/v24","downloads_weekly":21670,"health":{"score":52,"risk":"high","breakdown":{"maintenance":25,"popularity":10,"security":0,"maturity":12,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":4,"critical":4,"high":0,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2026-40173","severity":"critical","summary":"Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints","affected_versions":"<25.3.2|<=24.1.7|<=1.2.8","fixed_version":"25.3.2","source":"osv","published_at":"2026-04-16T21:08:07Z","in_kev":false,"epss_prob":0.00118,"epss_percentile":0.30286,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-41327","severity":"critical","summary":"Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field","affected_versions":"<25.3.3|<=24.1.8|<=1.2.8","fixed_version":"25.3.3","source":"osv","published_at":"2026-04-24T15:41:21Z","in_kev":false,"epss_prob":0.00031,"epss_percentile":0.08968,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-34976","severity":"critical","summary":"Dgraph: Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization","affected_versions":"<25.3.1|<=24.0.5|<=1.2.8","fixed_version":"25.3.1","source":"osv","published_at":"2026-04-02T20:44:36Z","in_kev":false,"epss_prob":0.00095,"epss_percentile":0.26188,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-41328","severity":"critical","summary":"Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field","affected_versions":"<25.3.3|<=24.1.8|<=1.2.8","fixed_version":"25.3.3","source":"osv","published_at":"2026-04-24T15:41:42Z","in_kev":false,"epss_prob":0.00076,"epss_percentile":0.2259,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v24.1.8","total_count":31,"recent":["v24.1.0-rc5","v24.0.4","v24.0.6-alpha2","v24.1.6","v24.1.5","v24.0.0","v24.0.1","v24.1.4","v24.0.2-rc1","v24.1.0-rc4","v24.0.6-alpha3","v24.0.6-alpha1","v24.1.4-test1","v24.0.3","v24.1.0","v24.0.2","v24.1.3","v24.0.0-rc1","v24.1.7","v24.1.1"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":240,"first_published":null,"last_published":"2026-04-21T20:47:15Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["4 critical vulnerabilities"],"use_version":"v24.1.8","version_hint":"Update to >= 25.3.3 to fix known vulnerabilities","summary":"github.com/dgraph-io/dgraph/v24 has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":7,"avg_days_between_releases":null,"release_velocity":"active"}}