130 matches found

Wolfi
added 2026/04/12 2:46 a.m., 4 views

CVE-2026-34481 vulnerabilities

Vulnerabilities for packages: strimzi-kafka-operator, neo4j, spark, solr, apache-pulsar, flink...

CVSS 7.5, AI score 5.4, EPSS 0.00055
Exploits: 0

Chainguard
added 2026/04/12 2:17 a.m., 2 views

GHSA-W35J-PV5H-Q9Q9 vulnerabilities

Vulnerabilities for packages: camunda-zeebe, spark-kubernetes-operator-fips, strimzi-kafka-operator, spark-fips, apache-pulsar-fips, neo4j, apache-pulsar, spark-kubernetes-operator, wso2is, camunda, kafka-bridge-fips, apache-camel-karavan-devmode, solr, flink, kafka-bridge, spark...

AI score 5.4
Exploits: 0

Chainguard
added 2026/04/12 2:17 a.m., 4 views

CVE-2026-34481 vulnerabilities

Vulnerabilities for packages: camunda-zeebe, spark-kubernetes-operator-fips, strimzi-kafka-operator, spark-fips, apache-pulsar-fips, neo4j, apache-pulsar, spark-kubernetes-operator, wso2is, camunda, kafka-bridge-fips, apache-camel-karavan-devmode, solr, flink, kafka-bridge, spark...

CVSS 7.5, AI score 5.4, EPSS 0.00055
Exploits: 0

Chainguard
added 2026/04/12 2:17 a.m., 4 views

GHSA-3PXV-7CMR-FJR4 vulnerabilities

Vulnerabilities for packages: camunda-zeebe, apache-tika, kafka-fips, logstash, strimzi-kafka-operator, opensearch, kafka, spark-kubernetes-operator, apache-pulsar, geoserver, tritonserver-backend-vllm-cuda-13.0, kafka-bridge-fips, apache-camel-karavan-devmode, akhq, apache-activemq, zipkin,...

AI score 5.4
Exploits: 0

Chainguard
added 2026/04/12 2:17 a.m., 3 views

CVE-2026-34480 vulnerabilities

Vulnerabilities for packages: camunda-zeebe, apache-tika, kafka-fips, logstash, strimzi-kafka-operator, opensearch, kafka, spark-kubernetes-operator, apache-pulsar, geoserver, tritonserver-backend-vllm-cuda-13.0, kafka-bridge-fips, apache-camel-karavan-devmode, akhq, apache-activemq, zipkin,...

CVSS 7.5, AI score 5.4, EPSS 0.00034
Exploits: 0

Positive Technologies
added 2026/03/27 12:0 a.m., 1 view

PT-2026-28326

Name of the Vulnerable Software and Affected Versions: Spring AI versions 1.0.0 through 1.0.4; Spring AI versions 1.1.0 through 1.1.3. Description: The software contains a Cypher injection issue within the Neo4jVectorFilterExpressionConverter component. When a user-controlled string is used as a filt...

CVSS 7.5, AI score 5.9, EPSS 0.00085
Exploits: 0, References: 9

RedhatCVE
added 2026/03/26 3:2 p.m., 3 views

CVE-2026-32247

Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...

CVSS 8.1, AI score 5.8, EPSS 0.00018
Exploits: 2, References: 1

CVE
added 2026/03/11 3:50 p.m., 5 views

CVE-2026-1497

Neo4j Enterprise suffers an incorrect namespace resolution in composite databases, before versions 2026.02 and 5.26.22. An admin granting access to a remote constituent "namespace.name" can inadvertently grant privileges to any local database or remote alias named "name"; if that target doesn’t e...

CVSS 7.2, AI score 5.8, EPSS 0.00056
Exploits: 0, References: 1, Affected Software: 1

AlpineLinux
added 2026/03/11 3:50 p.m., 2 views

CVE-2026-1497

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin who intends to give a user access to a remote database constituent "namespace.name" will inadvertently grant access to any...

CVSS 7.2, AI score 5.8, EPSS 0.00056
Exploits: 0, References: 1

Tenable Nessus
added 2026/02/13 12:0 a.m., 3 views

Neo4j < 2026.01 XSS Vulnerability (CVE-2026-1337)

According to its self-reported version number, the version of Neo4j running on the remote host is prior to 2026.01. It is, therefore, affected by an XSS vulnerability caused by insufficient escaping of Unicode characters in the query log in Neo4j Enterprise and Community editions. Note that...

CVSS 5.4, AI score 6, EPSS 0.00015
Exploits: 2, References: 2

Wolfi
added 2026/02/07 1:48 a.m., 7 views

CVE-2026-1622 vulnerabilities

Vulnerabilities for packages: neo4j...

CVSS 4.8, AI score 5.2, EPSS 0.00007
Exploits: 0

Chainguard
added 2026/02/07 1:17 a.m., 12 views

CVE-2026-1622 vulnerabilities

Vulnerabilities for packages: neo4j...

CVSS 4.8, AI score 5.2, EPSS 0.00007
Exploits: 0

RedhatCVE
added 2026/02/06 10:56 p.m., 2 views

CVE-2026-1622

A flaw was found in Neo4j. The obfuscateliterals option in the query logs fails to extend redaction to error messages. When a query triggers an error, unredacted data, potentially containing sensitive literals, are exposed in the logs. This issue allows an attacker with access to the local log...

CVSS 5.5, AI score 5.4, EPSS 0.00007
Exploits: 0, References: 4

GithubExploit
added 2026/02/05 12:24 p.m., 114 views

Exploit for CVE-2026-1337

CVE-2026-1337 - Neo4j - Log Injection Log injection by an au...

CVSS 2, AI score 5.7, EPSS 0.00015
Exploits: 2

EUVD
added 2026/02/04 9:14 a.m., 3 views

EUVD-2026-5512

Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has the ability to access the local log files. The "obfuscateliterals" option in the query logs does not redact error information, exposing unredacted dat...

CVSS 4.8, AI score 5.5, EPSS 0.00007
Exploits: 0, References: 1

Vulnrichment
added 2026/01/22 1:29 p.m., 1 view

CVE-2025-12738 Enumeration of restricted property value

Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows an attacker without read access to a property to infer information about its value by trying t...

CVSS 5.3, AI score 5.5, EPSS 0.00024
Exploits: 0, References: 1

vulnersOsv
added 2026/01/14 12:31 p.m., 3 views

org.apache.camel.springboot:camel-neo4j-starter (>=4.15.0 <=4.16.0) potentially affected by CVE-2025-66169 via org.apache.camel:camel-neo4j (>=4.15.0 <=4.16.0)

org.apache.camel:camel-neo4j MAVEN version =4.15.0, =4.15.0, =4.16.0 Source cves: CVE-2025-66169 Source advisory: OSV:GHSA-4JRW-64VR-7G8M...

CVSS 5.3, AI score 5.8, EPSS 0.00034
Exploits: 0

NVD
added 2026/01/14 12:16 p.m., 1 view

CVE-2025-66169

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0. Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0...

CVSS 5.3, EPSS 0.00034
Exploits: 0, References: 2

RedhatCVE
added 2026/01/09 12:15 p.m., 7 views

CVE-2018-1000820

neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains an XML External Entity (XXE) vulnerability in the XML parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed after commit 45bc09c...

CVSS 10, AI score 7, EPSS 0.00245
Exploits: 0, References: 1

Wolfi
added 2025/12/17 7:48 p.m., 3 views

CVE-2025-67735 vulnerabilities

Vulnerabilities for packages: infinispan, kserve-modelmesh, logstash-input-http, wildfly, sonarqube, tez, logstash, neo4j, trino, apache-nifi-registry, keycloak, thingsboard, apache-activemq-artemis, wavefront-proxy, apache-pulsar, docker-selenium, druid, zipkin, apicurio-registry, spark, flyway,...

CVSS 6.5, AI score 6.3, EPSS 0.00024
Exploits: 1