Is github.com/dgraph-io/dgraph/v24 safe to use?

github.com/dgraph-io/dgraph/v24 has 4 known vulnerabilities on the latest version (v24.1.8). DepScope rates its health at 52/100 (high risk).

What is the latest version of github.com/dgraph-io/dgraph/v24?

The latest version of github.com/dgraph-io/dgraph/v24 is v24.1.8, released 2026-04-21.

Yes. github.com/dgraph-io/dgraph/v24 has 4 known vulnerabilities. See depscope.dev/pkg/go/github.com/dgraph-io/dgraph/v24 for details.

No, github.com/dgraph-io/dgraph/v24 is actively maintained. Latest release: v24.1.8 (2026-04-21).

DepScope has no curated alternatives for github.com/dgraph-io/dgraph/v24 at this time.

License information for github.com/dgraph-io/dgraph/v24 is not declared in the registry metadata.

govv24.1.8

high-performance graph database for real-time use cases

31 versions240 maintainers0 deps21,670 weekly dl

/ 100

Health

do not use

github.com/dgraph-io/dgraph/v24 has critical vulnerabilities — do not use

Update to >= 25.3.3 to fix known vulnerabilities

Health breakdown0 – 100

25/25

maintenance

10/20

popularity

0/25

security

12/15

maturity

5/15

community

Vulnerabilities

4 critical

Advisories (4)

Severity	ID	Summary	Fixed in
critical	CVE-2026-40173	Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints	25.3.2
critical	CVE-2026-41327	Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field	25.3.3
critical	CVE-2026-34976	Dgraph: Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization	25.3.1
critical	CVE-2026-41328	Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field	25.3.3

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/github.com/dgraph-io/dgraph/v24

Last updated · 2026-04-21T20:47:15Z