Golang/Github.com/Ydb-Platform/Ydb-Go-Sdk/V3 | GitLab Advisory Database (GLAD)

Advisories for Golang/Github.com/Ydb-Platform/Ydb-Go-Sdk/V3 package

2026

ydb-go-sdk's transactions are not committed using the `options.WithCommit()` option on last call `table.Transaction.Execute` in transaction

Transactions were NOT committed despite the explicit options.WithCommit flag using table service client. Because of this, clients did not commit changes to the transaction, relying on the fact that the transaction commit was successful. This led (in rare cases) to a loss of data consistency.

2023

ydb-go-sdk token in custom credentials object can leak through logs

ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object (implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using fmt.Errorf("something went wrong (credentials: %q)", credentials) during connection to the YDB server. If such logging occurred, a malicious user with access to logs could read …