Browse all 3 CVE security advisories affecting ArangoDB. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ArangoDB serves as a multi-model database supporting graph, document, and key-value data models for modern applications. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. The database has experienced security incidents such as exposed default credentials and insecure deployment configurations. With three current CVEs, ArangoDB maintains security through regular updates and hardening guides, though users must remain vigilant about configuration management to prevent unauthorized access and data breaches.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-25367 | ArangoDB Community Edition 3.4.2-1 XSS via aardvark admin interface — ArangoDB Community Edition (CWE-79) | 5.4 | Medium | 2026-02-15 |
| CVE-2021-25939 | ArangoDB - Blind SSRF when Downloading Foxx Service from URL — arangodb (CWE-918) | 2.7 | Low | 2022-02-09 |
| CVE-2021-25940 | ArangoDB - Insufficient Session Expiration after Password Change — arangodb (CWE-613) | 8.8 | High | 2021-11-16 |
This page lists every published CVE security advisory associated with ArangoDB. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.