Sphinx
This hub aggregates every CVE we track for Sphinx, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.
3
CVEs tracked
0
Critical
2
High
0
In CISA KEV
Severity distribution
HIGH2MEDIUM1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 3 most recently published vulnerabilities affecting Sphinx.
- CVE-2022-2838In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is a...5.3
- CVE-2020-29050SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operati...7.5
- CVE-2019-14511Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only).7.5
Product normalization is registry-driven with AI assist and human review. How it works