25 matches found
CVE-2026-6322 vulnerabilities
Vulnerabilities for packages: vitess, kibana, saf, prism, keep, arangodb, opensearch-dashboards-fips, langfuse-fips, wazuh-dashboard-fips, opensearch-dashboards, langfuse, tileserver-gl-fips, wazuh-dashboard, tileserver-gl, argo-workflows, keep-fips...
CVE-2026-27969 Vitess users with backup storage access can write to arbitrary file paths on restore
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest — which may be files that they have also...
CVE-2026-27969
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest — which may be files that they have also...
PT-2026-22106
Name of the Vulnerable Software and Affected Versions: Vitess versions prior to 23.0.3; Vitess versions prior to 22.0.4. Description: Vitess is a database clustering system for horizontal scaling of MySQL. A flaw exists where someone with read/write access to the backup storage location can manipulat...
Azure Linux 3.0 Security Update: vitess (CVE-2017-14623)
The version of vitess installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2017-14623 advisory. - In the ldap.v2 aka go-ldap package through 2.5.0 for Go, an attacker may be able to login with an empty...
GHSA-52F5-9888-HMC6 vulnerabilities
Vulnerabilities for packages: kibana, saf, prism, lerna, opensearch-dashboards, opensearch-dashboards-fips, vitess, kubeflow-centraldashboard...
CVE-2025-22872 affecting package vitess for versions less than 17.0.7-8
CVE-2025-22872 affecting package vitess for versions less than 17.0.7-8. A patched version of the package is available...
CVE-2024-53257
Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages are rendered usin...
Azure Linux 3.0 Security Update: vitess (CVE-2024-53257)
The version of vitess installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53257 advisory. - Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env...
Azure Linux 3.0 Security Update: azcopy / git-lfs / golang / influxdb / keda (CVE-2025-22870)
The version of azcopy / git-lfs / golang / influxdb / keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22870 advisory. - Matching of hosts against proxy patterns can improperly treat an IPv6...
AZL-58402 CVE-2025-22870 affecting package vitess for versions less than 17.0.7-7
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied...
CVE-2024-45339 affecting package vitess for versions less than 17.0.7-4
CVE-2024-45339 affecting package vitess for versions less than 17.0.7-4. A patched version of the package is available...
Azure Linux 3.0 Security Update: sriov-network-device-plugin / vitess (CVE-2024-45339)
The version of sriov-network-device-plugin / vitess installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45339 advisory. - When logs are written to a widely-writable directory (the default), an...
CVE-2024-45339 affecting package vitess for versions less than 19.0.4-4
CVE-2024-45339 affecting package vitess for versions less than 19.0.4-4. A patched version of the package is available...
CVE-2024-32886 affecting package vitess for versions less than 19.0.4-1
CVE-2024-32886 affecting package vitess for versions less than 19.0.4-1. A patched version of the package is available...
CVE-2024-32886 affecting package vitess for versions less than 17.0.7-1
CVE-2024-32886 affecting package vitess for versions less than 17.0.7-1. A patched version of the package is available...
AZL-56075 CVE-2024-45339 affecting package vitess for versions less than 17.0.7-4
When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...
CVE-2024-45338 affecting package vitess for versions less than 17.0.7-3
CVE-2024-45338 affecting package vitess for versions less than 17.0.7-3. A patched version of the package is available...
AZL-53970 CVE-2024-53257 affecting package vitess for versions less than 19.0.4-7
Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages are rendered usin...
CVE-2024-53257 Vitess allows HTML injection in /debug/querylogz & /debug/env
Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages are rendered usin...