Every CVE whose affected-product data names Trychroma Chromadb, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2026-45830 — CVSS 8.8 (high): A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily…
CVE-2026-45831 — CVSS 8.8 (high): The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a…
CVE-2026-45832 — CVSS 8.8 (high): All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing…
CVE-2026-45833 — CVSS 8.8 (high): A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary…