Every CVE whose affected-product data names Yugabyte Yugabytedb, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2022-37397 — CVSS 8.3 (high): An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When…
CVE-2024-41435 — CVSS 7.5 (high): YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter.
CVE-2023-0575 — CVSS 7.2 (high): External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte…
CVE-2023-4640 — CVSS 6.5 (medium): The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated…
CVE-2023-6002 — CVSS 6.5 (medium): YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an…
CVE-2023-6001 — CVSS 5.3 (medium): Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere…