EUVD-2026-23518

Neo4j Labs MCP Servers: SSRF and Data Modification via readonly Mode Bypass Through CALL Procedures...

CVE-2026-35402

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...

CVE-2026-35402 mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...

CVE-2022-37423

Neo4j APOC Awesome Procedures on Cypher before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream...

CVE-2022-23532

APOC Awesome Procedures on Cypher is an add-on library for Neo4j that provides hundreds of procedures and functions. A path traversal vulnerability found in the apoc.export. procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the...

EUVD-2018-0819

Malware in sbrugna...

EUVD-2023-0647

Malicious code in bioql PyPI...

EUVD-2022-6501

Malicious code in bioql PyPI...

CVE-2023-23926

APOC Awesome Procedures on Cypher is an add-on library for Neo4j. An XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 and 4.4.0.14 4.4 branch in Neo4j graph database. XML External Entity XXE injection occurs when the XML...

Malicious code in neo4j-apoc-procedures (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ae32122ca71a7a075fce5993dbcdceca009308664157c1655b4b3897e205f3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3195 Malicious code in neo4j-apoc-procedures (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ae32122ca71a7a075fce5993dbcdceca009308664157c1655b4b3897e205f3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3194 Malicious code in neo4j-apoc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 446dfffd9d2f4e171ae7e9e3d88c997b8c9c9437d3f9c6b47174ad17ac40a651 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in neo4j-apoc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 446dfffd9d2f4e171ae7e9e3d88c997b8c9c9437d3f9c6b47174ad17ac40a651 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv3 (>=1.4.0 <=1.7.0-RC1), com.buschmais.jqassistant.neo4jserver:neo4jv3 (>=1.4.0 <=1.7.0-RC1) +10 more potentially affected by CVE-2023-23926 via org.neo4j.procedure:apoc (>=3.4.0.1 <=3.5.0.7)

org.neo4j.procedure:apoc MAVEN version =3.4.0.1, =1.4.0, =1.4.0, =1.4.0, =1.8.0, =1.10.0 - org.jqassistant.contrib.plugin:jqassistant-plantuml-rule-plugin =1.7.0 Source cves: CVE-2023-23926 Source advisory: OSV:GHSA-9VX8-F5C4-862X...

GHSA-9VX8-F5C4-862X XML External Entity (XXE) vulnerability in apoc.import.graphml

Impact A XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin in Neo4j graph database. XML External Entity XXE injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was...

GHSA-6WXG-WH7F-RQPR XML External Entity (XXE) vulnerability in apoc.import.graphml

Impact A XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin in Neo4j graph database. XML External Entity XXE injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was...

XML External Entity (XXE) vulnerability in apoc.import.graphml

Impact A XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin in Neo4j graph database. XML External Entity XXE injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was...

CVE-2023-23926

APOC Awesome Procedures on Cypher is an add-on library for Neo4j. An XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 and 4.4.0.14 4.4 branch in Neo4j graph database. XML External Entity XXE injection occurs when the XML...

Xxe

APOC Awesome Procedures on Cypher is an add-on library for Neo4j. An XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 and 4.4.0.14 4.4 branch in Neo4j graph database. XML External Entity XXE injection occurs when the XML...

CVE-2023-23926

APOC Awesome Procedures on Cypher is an add-on library for Neo4j. An XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 and 4.4.0.14 4.4 branch in Neo4j graph database. XML External Entity XXE injection occurs when the XML...