Please do not open a public GitHub issue for security problems.
Use GitHub's private vulnerability reporting form:
https://github.com/getbetweenrows/betweenrows/security/advisories/new
Reports submitted through this form are visible only to the project maintainers. You do not need a CVE number or a specific format; a clear description of the issue, steps to reproduce, and the affected version are enough. Details that help us triage quickly:
- Affected version(s): proxy image tag or commit SHA, plus the admin UI version if relevant.
- Component: proxy, admin UI, policy hook, migration, etc.
- Reproduction steps: the minimum commands or configuration needed to trigger the issue.
- Impact: what an attacker could read, write, bypass, or crash.
- Suggested remediation (optional): if you have a fix in mind.
In scope:
- The proxy (Rust, `proxy/`): wire-protocol handling, query rewriting, policy enforcement, audit logging.
- The admin UI (React, `admin-ui/`): authentication, authorization, CSRF, XSS, IDOR, etc.
- The admin REST API: management-plane endpoints on port 5435.
- Migrations (`migration/`): SQL schema correctness, data-destruction risks.
- Decision functions (JavaScript compiled to WASM via Javy): sandbox escape, fuel/memory limit bypass.
- Docker images published to `ghcr.io/getbetweenrows/betweenrows`.
Out of scope:
- Vulnerabilities in upstream PostgreSQL itself.
- Misconfiguration issues where the documented guidance was not followed (unless the documentation itself is misleading).
- Denial-of-service via deliberately pathological SQL on an unprotected deployment. The proxy is not a DDoS shield.
- Third-party integrations not maintained in this repository.
The threat model, defenses, and known limitations are documented in:
Issues already listed there are known trade-offs, not vulnerabilities, but reports that sharpen or contradict them are welcome.
We will credit reporters in the release notes unless you prefer to stay anonymous. Please let us know your preference when you report.