Advisories
Date | CVE Number | CVE Title | Severity | Products | Affected Versions | Reporter |
2024-05-07 | CVE-2024-34517 | Mishandling of IMMUTABLE privileges | Medium | Neo4j Enterprise | 5.x prior to 5.19 | Internal |
2023-02-16 | CVE-2023-23926 | XML External Entity (XXE) vulnerability in the apoc.import.graphml procedure | Medium | APOC core, APOC extended | 4.4.x prior to 4.4.0.14; 5.5.x prior to 5.5.0 | Christopher Schneider – State Farm |
2023-01-13 | CVE-2022-23532 | Path Traversal Vulnerability in the apoc.export.* procedures | High | APOC core, APOC extended | 4.3.x prior to 4.3.0.12; 4.4.x prior to 4.4.0.12; 5.5.x prior to 5.4.0 | Adam Reziouk – Airbus |
2022-08-12 | CVE-2022-37423 | Partial Path Traversal vulnerability in apoc.log.stream | Medium | APOC extended | 4.3.x prior to 4.3.0.7; 4.4.x prior to 4.4.0.8 | Jonathan Leitschuh |
2022-02-01 | CVE-2021-42767 | Directory Traversal vulnerabilities in several apoc* functions | Medium | APOC extended | 3.5.x prior to 3.5.0.17; 4.2.x prior to 4.2.0.10; 4.3.x prior to 4.3.0.4; 4.4.x prior to 4.4.0.1 | Nicolai Grødum – PwC Norway |
2021-07-30 | CVE-2021-34802 | A failure in resetting the security context in some transaction actions could allow authenticated users to execute commands with elevated privileges. | Medium | Neo4j Enterprise | 4.2.x prior to 4.2.8 | Internal |
2018-10-16 | CVE-2018-18389 | Access control bypass in LDAP authentication | Critical | Neo4j Enterprise | 3.4.x prior to 3.4.9 | oschlueter |