Advisories

| Date | CVE Number | CVE Title | Severity | Products | Affected Versions | Reporter |
|---|---|---|---|---|---|---|
| 2024-05-07 | CVE-2024-34517 | Mishandling of IMMUTABLE privileges | Medium | Neo4j Enterprise | 5.x prior to 5.19 | Internal |
| 2023-02-16 | CVE-2023-23926 | XML External Entity (XXE) vulnerability in the apoc.import.graphml procedure | Medium | APOC core, APOC extended | 4.4.x prior to 4.4.0.14; 5.5.x prior to 5.5.0 | Christopher Schneider – State Farm |
| 2023-01-13 | CVE-2022-23532 | Path Traversal Vulnerability in the apoc.export.* procedures | High | APOC core, APOC extended | 4.3.x prior to 4.3.0.12; 4.4.x prior to 4.4.0.12; 5.5.x prior to 5.4.0 | Adam Reziouk – Airbus |
| 2022-08-12 | CVE-2022-37423 | Partial Path Traversal vulnerability in apoc.log.stream | Medium | APOC extended | 4.3.x prior to 4.3.0.7; 4.4.x prior to 4.4.0.8 | Jonathan Leitschuh |
| 2022-02-01 | CVE-2021-42767 | Directory Traversal vulnerabilities in several apoc* functions | Medium | APOC extended | 3.5.x prior to 3.5.0.17; 4.2.x prior to 4.2.0.10; 4.3.x prior to 4.3.0.4; 4.4.x prior to 4.4.0.1 | Nicolai Grødum – PwC Norway |
| 2021-07-30 | CVE-2021-34802 | A failure in resetting the security context in some transaction actions could allow authenticated users to execute commands with elevated privileges. | Medium | Neo4j Enterprise | 4.2.x prior to 4.2.8 | Internal |
| 2018-10-16 | CVE-2018-18389 | Access control bypass in LDAP authentication | Critical | Neo4j Enterprise | 3.4.x prior to 3.4.9 | oschlueter |