CVE-2026-42502 affecting package influxdb for versions less than 2.7.5-17

CVE-2026-42502 affecting package influxdb for versions less than 2.7.5-17. A patched version of the package is available...

CVE-2025-11065 affecting package influxdb for versions less than 2.7.5-13

CVE-2025-11065 affecting package influxdb for versions less than 2.7.5-13. A patched version of the package is available...

AZL-76893 CVE-2025-47911 affecting package influxdb for versions less than 2.6.1-30

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

Azure Linux 3.0 Security Update: influxdb (CVE-2019-0205)

The version of influxdb installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-0205 advisory. - In Apache Thrift all versions up to and including 0.12.0, a server or client May run into an endless loop...

EUVD-2022-5501

Malicious code in bioql PyPI...

CVE-2022-36640

influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint...

Azure Linux 3.0 Security Update: azcopy / git-lfs / golang / influxdb / keda (CVE-2025-22870)

The version of azcopy / git-lfs / golang / influxdb / keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22870 advisory. - Matching of hosts against proxy patterns can improperly treat an IPv6...

AZL-77508 CVE-2025-30204 affecting package influxdb for versions less than 2.6.1-30

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

AZL-77522 CVE-2025-30204 affecting package influxdb 2.7.5-10

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

Azure Linux 3.0 Security Update: cert-manager / influxdb / keda / libcontainers-common / packer (CVE-2024-6104)

The version of cert-manager / influxdb / keda / libcontainers-common / packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6104 advisory. - go-retryablehttp prior to 0.7.7 did not sanitize urls...

CVE-2024-28180 affecting package influxdb for versions less than 2.6.1-20

CVE-2024-28180 affecting package influxdb for versions less than 2.6.1-20. A patched version of the package is available...

AZL-52192 CVE-2024-51744 affecting package influxdb for versions less than 2.7.5-4

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-35842 CVE-2024-28180 affecting package influxdb for versions less than 2.6.1-20

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

AZL-34805 CVE-2023-44487 affecting package influxdb for versions less than 2.6.1-11

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVE-2022-36640

influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint...

Exploit for SQL Injection in Zabbix

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is a collection of vulnerable environments, not a single exploit or tool. The repository contains various vulnerable environments, including CouchDB, ffmpeg, git, and influxdb, among...