Browse all 7 CVE security advisories affecting Aiven-Open. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Aiven-Open provides cloud-based data infrastructure services, enabling organizations to manage databases and streaming platforms. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from misconfigurations and input validation flaws. While no major public security incidents have been widely reported, the 7 documented CVEs highlight potential risks in its exposed services and API endpoints. The platform's reliance on third-party components and cloud-native architecture introduces additional attack surfaces, requiring continuous monitoring and patch management to mitigate identified weaknesses.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-29190 | Karapace: Path Traversal in Backup Reader | karapace | CWE-22 | 4.1 | Medium | 2026-03-07 |
| CVE-2026-25999 | Klaw has an improper authorisation check on /resetMemoryCache | klaw | CWE-285 | 7.1 | High | 2026-02-11 |
| CVE-2026-23529 | Arbitrary File Read in Google BigQuery Sink connector | bigquery-connector-for-apache-kafka | CWE-73 | 7.7 | High | 2026-01-16 |
| CVE-2025-67745 | Myhoard logs backup encryption key in plain text | myhoard | CWE-402 | 7.1 | High | 2025-12-18 |
| CVE-2025-61673 | Karapace is vulnerable to Authentication Bypass | karapace | CWE-306 | 8.6 | High | 2025-10-03 |
| CVE-2024-56142 | Path Traversal in pghoard | pghoard | CWE-22 | 6.5 | - | 2024-12-17 |
| CVE-2023-51390 | Information Disclosure Vulnerability in Journalpump | journalpump | CWE-284 | 6.5 | Medium | 2023-12-20 |
This page lists every published CVE security advisory associated with Aiven-Open. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.