Vitessio Vitess vulnerabilities
6 known vulnerabilities affecting vitessio/vitess.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 3, LOW 1
Vulnerabilities
CVE-2026-27969 | CRITICAL | CVSS 9.3 | CWE-22 | fixed in 22.0.4 | versions >= 23.0.0, < 23.0.3 | 2026-02-26
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the manifest — which may be files that they have also added to the manifest and backup contents — are writ
nvd
CVE-2026-27965 | HIGH | CVSS 8.4 | CWE-78 | fixed in 22.0.4 | versions >= 23.0.0, < 23.0.3 | 2026-02-26
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored. This can be used to provide that attacker with unintende
nvd
CVE-2024-53257 | MEDIUM | CVSS 4.9 | CWE-79 | versions >= 0.21.0-rc1, < 21.0.1 | versions >= 0.20.0-rc1, < 20.0.4 | +1 more | 2024-12-03
Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages are rendered using text/template instead of rendering with a proper HTML
nvd
CVE-2024-32886 | MEDIUM | CVSS 4.9 | CWE-835 | fixed in 17.0.7 | versions >= 18.0.0, < 18.0.5 | +1 more | 2024-05-08
Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and eventually will run out of memory. This vulnerability is fixed in 19.0.4, 18.0.5, and 17.0.7.
nvd
CVE-2023-29195 | MEDIUM | CVSS 4.3 | CWE-20 | fixed in 16.0.2 | 2023-05-11
Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view
nvd
CVE-2023-29194 | LOW | CVSS 2.7 | CWE-20 | fixed in 0.16.1 | 2023-04-14
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an err
nvd