Browse all 11 CVE security advisories affecting YugabyteDB. AI-powered Chinese analysis, POCs, and references for each vulnerability.
YugabyteDB serves as a distributed SQL database designed for cloud-native applications requiring high availability and scalability. Historically, its vulnerabilities have commonly included remote code execution, cross-site scripting, and privilege escalation risks, with 11 CVEs currently documented. The platform implements security features like encryption at rest and in transit, along with role-based access controls. While no major security incidents have been widely reported, the CVE count indicates potential attack surfaces that require regular patching. Organizations should implement network segmentation and strict access controls to mitigate risks, as the distributed nature of the database introduces complex security considerations beyond traditional relational databases.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-11193 | YugabyteDB Security Vulnerability — YugabyteDB Anywhere (CWE-532) | 7.8 (AI) | High (AI) | 2024-11-13 |
| CVE-2024-11165 | YugabyteDB Security Vulnerability — YugabyteDB Anywhere (CWE-532) | 4.9 (AI) | Medium (AI) | 2024-11-13 |
| CVE-2024-6908 | Admin Can Escalate Privileges to SuperAdmin Using Manual PUT Request — YugabyteDB Anywhere (CWE-269) | 7.2 | - | 2024-07-19 |
| CVE-2024-6895 | Insecure Account Profile Management — YugabyteDB Anywhere (CWE-306) | 5.0 | - | 2024-07-19 |
| CVE-2024-0006 | DB User Password Leak in Application Log — YugabyteDB Anywhere (CWE-532) | 7.1 | - | 2024-07-19 |
| CVE-2023-6001 | Prometheus Metrics Accessible Pre-Authentication — YugabyteDB Anywhere (CWE-200) | 5.3 | Medium | 2023-11-07 |
| CVE-2023-0745 | Arbitrary File Write in High Availability Backup Upload — YugabyteDB Anywhere (CWE-23) | 6.7 | Medium | 2023-02-09 |
| CVE-2023-0574 | Server-Side Request Forgery — YugabyteDB Anywhere (CWE-918) | 6.8 | Medium | 2023-02-09 |
This page lists every published CVE security advisory associated with YugabyteDB. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.