Couchdb
This hub aggregates every CVE we track for Couchdb, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.
20
CVEs tracked
3
Critical
7
High
1
In CISA KEV
Severity distribution
MEDIUM10HIGH7CRITICAL3
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Couchdb.
- CVE-2023-45725Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents5.7
- CVE-2023-26268Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes4.4
- CVE-2022-24706Remote Code Execution Vulnerability in PackagingKEV9.8
- CVE-2021-38295Privilege escalation vulnerability when using HTML attachments7.3
- CVE-2020-1955CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to t...9.8
- CVE-2018-17188Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the u...7.2
- CVE-2018-14889CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.7.8
- CVE-2018-11769CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is poss...7.2
- CVE-2018-8007Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible f...7.2
- CVE-2016-8742The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore...7.8
- CVE-2017-12636CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by Cou...7.2
- CVE-2017-12635Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate key...9.8
- CVE-2012-5649Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.6.8
- CVE-2014-2668Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.5.0
- CVE-2012-5650Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML vi...4.3
Product normalization is registry-driven with AI assist and human review. How it works