@powersync/service-core (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @powersync/service-core, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (1)
CVE-2026-30870 — CVSS 6.5 (medium): PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with…