Dev.to
5/9/2026
I scanned my own Supabase project and found 17 tables anyone could read with the anon key

Short summary

A developer discovered 17 Supabase tables exposed to anonymous API access because Row Level Security was disabled, a vulnerability pattern that will be prevented automatically starting October 30, 2026. They released an open-source Node.js auditor tool that scans locally without sending credentials externally and integrates with CI/CD pipelines. The post includes SQL fixes and explains the root causes of this security misconfiguration.

  • Developer found 17 exposed tables in their Supabase project due to disabled RLS and default anonymous grants
  • Released open-source CLI auditor tool with HTML reporting, local execution, and CI/CD integration
  • Provides SQL fixes and explains why this happened; October 30 deadline for enforcing new defaults

Generated with AI, which can make mistakes.
