16 matches found
Neo4j < 5.26.21 Information Disclosure Vulnerability (CVE-2026-1622)
According to its self-reported version number, the version of Neo4j running on the remote host is a version prior to 5.26.21. It is, therefore, affected by a information disclosure vulnerability where The obfuscateliterals option in the query logs does not redact error information, exposing...
br.com.caelum.vraptor:vraptor-neo4j (=0.9.0), com.brinkus.labs:labs-cloud-starter-neo4j (>=1.2.0 <=1.4.0) +482 more potentially affected by CVE-2026-1622 via org.neo4j:neo4j (>=1.3 <=5.26.20)
org.neo4j:neo4j MAVEN version =1.3, =1.2.0, =1.12.0-M1, =2.0.0, =1.4.0, =1.4.0, =2.1.0, =2.1.0, =1.12.0-M1, =1.2.0, =1.12.0-M1, =1.0.0, =1.0.0, =1.1.4 and more Source cves: CVE-2026-1622 Source advisory: OSV:GHSA-4J3G-RWWQ-4P54...
GHSA-4J3G-RWWQ-4P54 Neo4j Enterprise and Community vulnerable to a potential information disclosure
Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obfuscateliterals" option in the query logs does not redact error information, exposing unredacted dat...
CVE-2026-1622
Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obfuscateliterals" option in the query logs does not redact error information, exposing unredacted dat...
CVE-2025-12738
Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows attacker without read access to a property to infer information about its value by trying t...
CVE-2022-23532
APOC Awesome Procedures on Cypher is an add-on library for Neo4j that provides hundreds of procedures and functions. A path traversal vulnerability found in the apoc.export. procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the...
EUVD-2013-7037
Malware in sbrugna...
EUVD-2023-0647
Malicious code in bioql PyPI...
CVE-2025-56406
An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended for use in a local...
CVE-2021-34371
Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...
CVE-2023-23926
APOC Awesome Procedures on Cypher is an add-on library for Neo4j. An XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 and 4.4.0.14 4.4 branch in Neo4j graph database. XML External Entity XXE injection occurs when the XML...
GHSA-X626-Q4V7-7XC6 Neo4J vulnerable to Cross-Site Request Forgery
Multiple cross-site request forgery CSRF vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to 1 db/data/ext/GremlinPlugin/graphdb/executescript or 2 db/manage/server/console/...
br.com.caelum.vraptor:vraptor-neo4j (=0.9.0), com.brinkus.labs:labs-cloud-starter-neo4j (>=1.2.0 <=1.4.0) +410 more potentially affected by CVE-2021-34371 via org.neo4j:neo4j (>=1.3 <=3.5.0-rc01)
org.neo4j:neo4j MAVEN version =1.3, =1.2.0, =1.4.0, =1.4.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0, =1.2.0, =1.2.0, =1.6.0-RC1 and more Source cves: CVE-2021-34371 Source advisory: OSV:GHSA-PC4W-8V5J-29W9...
Neo4j 代码问题漏洞
Neo4j is a Java-based and fully ACID-compatible graphical database from Neo4j, Inc. that supports data migration, add-ons, and more. A code issue vulnerability exists in neo4j that originates from an RMI service that arbitrarily deserializes Java objects. An attacker exploiting this vulnerability...
Neo4j 安全漏洞
Neo4j is a Java-based and fully ACID-compatible graph database from Neo4j, which supports data migration, add-ons, etc. A security vulnerability exists in Neo4j Graph Database versions 4.2 and 4.3, which stems from a failure to reset the security environment during certain transaction operations ...
com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv3 (>=1.4.0 <=1.6.0-RC1), com.buschmais.jqassistant.neo4jserver:neo4jv3 (>=1.4.0 <=1.6.0-RC1) +8 more potentially affected by CVE-2018-1000820 via org.neo4j.procedure:apoc (>=3.4.0.1 <=3.4.0.3)
org.neo4j.procedure:apoc MAVEN version =3.4.0.1, =1.4.0, =1.4.0, =1.4.0, =1.6.0-RC1 - io.codekontor.slizaa.extensions:slizaa-extensions-jtype =1.0.0.M3 - io.codekontor.slizaa.extensions:slizaa-extensions-jtype-scanner-apoc =1.0.0.M3 - io.codekontor.slizaa.extensions:slizaa-extensions-neo4j...