6 matches found
CVE-2025-58190 affecting package vitess for versions less than 17.0.7-14
CVE-2025-58190 affecting package vitess for versions less than 17.0.7-14. A patched version of the package is available...
CVE-2026-27969
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location, e.g. an S3 bucket, can manipulate backup manifest files so that files in the manifest — which may be files that they have also...
AZL-75582 CVE-2025-11065 affecting package vitess for versions less than 17.0.7-14
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
CVE-2025-22868 affecting package vitess for versions less than 19.0.4-5
CVE-2025-22868 affecting package vitess for versions less than 19.0.4-5. A patched version of the package is available...
AZL-58443 CVE-2025-22870 affecting package vitess for versions less than 19.0.4-7
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied...
AZL-31348 CVE-2023-44487 affecting package vitess for versions less than 16.0.2-5
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...