51 matches found
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the Neo4jChatAgent process. An attacker can gain unauthorized access to all gra...
PT-2026-56085
Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.65.5 Description Neo4jChatAgent passes LLM-generated Cypher queries directly to the Neo4j driver without validation, a statement-type allowlist, or an opt-out gate. Because the query text can be influenced by promp...
EUVD-2026-23518
Neo4j Labs MCP Servers: SSRF and Data Modification via readonly Mode Bypass Through CALL Procedures...
CVE-2026-35402
mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...
CVE-2026-35402 mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures
mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...
CVE-2022-37423
Neo4j APOC Awesome Procedures on Cypher before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream...
CVE-2022-23532
APOC Awesome Procedures on Cypher is an add-on library for Neo4j that provides hundreds of procedures and functions. A path traversal vulnerability found in the apoc.export. procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the...
EUVD-2018-0819
Malware in sbrugna...
EUVD-2022-6501
Malicious code in bioql PyPI...
EUVD-2023-0647
Malicious code in bioql PyPI...
CVE-2023-23926
APOC Awesome Procedures on Cypher is an add-on library for Neo4j. An XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 and 4.4.0.14 4.4 branch in Neo4j graph database. XML External Entity XXE injection occurs when the XML...
MAL-2025-3195 Malicious code in neo4j-apoc-procedures (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ae32122ca71a7a075fce5993dbcdceca009308664157c1655b4b3897e205f3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in neo4j-apoc-procedures (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ae32122ca71a7a075fce5993dbcdceca009308664157c1655b4b3897e205f3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in neo4j-apoc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 446dfffd9d2f4e171ae7e9e3d88c997b8c9c9437d3f9c6b47174ad17ac40a651 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3194 Malicious code in neo4j-apoc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 446dfffd9d2f4e171ae7e9e3d88c997b8c9c9437d3f9c6b47174ad17ac40a651 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-9VX8-F5C4-862X XML External Entity (XXE) vulnerability in apoc.import.graphml
Impact A XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin in Neo4j graph database. XML External Entity XXE injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was...
com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv3 (>=1.4.0 <=1.7.0-RC1), com.buschmais.jqassistant.neo4jserver:neo4jv3 (>=1.4.0 <=1.7.0-RC1) +10 more potentially affected by CVE-2023-23926 via org.neo4j.procedure:apoc (>=3.4.0.1 <=3.5.0.7)
org.neo4j.procedure:apoc MAVEN version =3.4.0.1, =1.4.0, =1.4.0, =1.4.0, =1.8.0, =1.10.0 - org.jqassistant.contrib.plugin:jqassistant-plantuml-rule-plugin =1.7.0 Source cves: CVE-2023-23926 Source advisory: OSV:GHSA-9VX8-F5C4-862X...
GHSA-6WXG-WH7F-RQPR XML External Entity (XXE) vulnerability in apoc.import.graphml
Impact A XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin in Neo4j graph database. XML External Entity XXE injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was...
XML External Entity (XXE) vulnerability in apoc.import.graphml
Impact A XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin in Neo4j graph database. XML External Entity XXE injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was...
CVE-2023-23926
APOC Awesome Procedures on Cypher is an add-on library for Neo4j. An XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 and 4.4.0.14 4.4 branch in Neo4j graph database. XML External Entity XXE injection occurs when the XML...