Browse all 9 CVE security advisories affecting ClickHouse. AI-powered Chinese analysis, PoCs, and references for each vulnerability.
ClickHouse serves as an open-source column-oriented database management system optimized for real-time analytics and large-scale data processing. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and improper access controls. While no major security incidents have been widely documented, the 9 recorded CVEs highlight potential risks in areas such as authentication mechanisms and query processing. Security characteristics include regular updates and a community-driven approach to patching, though users must remain vigilant about configuration hardening to mitigate exposure to known exploits.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-6873 | Specially crafted request could cause undefined behaviour which may lead to Remote Code Execution. — ClickHouse (CWE-122) | 8.1 | High | 2024-08-01 |
| CVE-2024-22412 | ClickHouse's Role-based Access Control is bypassed when query caching is enabled. — ClickHouse (CWE-863) | 2.4 | Low | 2024-03-18 |
| CVE-2023-48704 | Unauthenticated heap buffer overflow in Gorilla codec decompression — ClickHouse (CWE-122) | 7.0 | High | 2023-12-22 |
| CVE-2023-48298 | Integer underflow leading to stack overflow in FPC codec decompression — ClickHouse (CWE-191) | 5.9 | Medium | 2023-12-21 |
| CVE-2023-47118 | Heap buffer overflow in T64 codec decompression — ClickHouse (CWE-122) | 7.0 | High | 2023-12-20 |
| CVE-2018-14671 | Yandex ClickHouse input validation error vulnerability — ClickHouse | 9.8 | - | 2019-08-15 |
| CVE-2018-14670 | Yandex ClickHouse authorization issue vulnerability — ClickHouse | 9.8 | - | 2019-08-15 |
This page lists every published CVE security advisory associated with ClickHouse. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.