« All posts

Three Incidents in Supabase Highlight Security Issues

Three security incidents in Supabase reveal critical lessons for engineers. Public access and misconfigurations are key concerns.

Supabase has revealed security vulnerabilities through three distinct objects. The first incident involved a backup table being inadvertently made public. The second incident was due to a misconfigured policy allowing unauthorized data insertions. The third incident allowed SECURITY DEFINER functions to be executed publicly. These cases underscore critical considerations for engineers regarding data security.