SUNDAY, JULY 12, 2026 48° E  /  GLOBAL TECH · SUMMARISED SUBSCRIBE
AI, business, devices, policy — global tech, summarised every 30 minutes.
Security · 2h ago

40% of Lovable apps expose database in browser

By Meridian48 News Desk · Summarised from DEV Community ·

A passive scan of 15 public Lovable-built apps found 6 load their Supabase database client-side with public API keys, risking data exposure if Row-Level Security is misconfigured. Two audited apps leaked user data and paid content: one exposed password hashes, another gave away its entire paid catalogue without authentication. The author created a free tool, sealdy.dev, to help developers check for such leaks.

Meridian48 take
The findings underscore a common pitfall in low-code platforms: convenience can mask critical security gaps, and developers must verify backend access controls rather than trusting the tool.
Read the full reporting
I scanned 15 public Lovable apps. 40% load their database in the browser. →
DEV Community
lovablesupabase
More security briefs
Go deeper on security
AllAIStartupsBusinessDevicesPolicySecurityDev ToolsPakistan