vitess.io/vitess (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package vitess.io/vitess, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2026-27965 — CVSS 9.9 (critical): Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access…
CVE-2026-27969 — CVSS 8.8 (high): Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access…
CVE-2024-32886 — CVSS 4.9 (medium): Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go…
CVE-2024-53257 — CVSS 4.9 (medium): Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet…
CVE-2023-29194 — CVSS 4.1 (medium): Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace…
CVE-2023-29195 — CVSS 4.1 (medium): Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can…