This page aggregates publicly disclosed CVE and security risk information related to uptrace, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-44906 | uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go. The maintainer has stated that the issue is fixed in v1.2.15. | [email protected] | 6.5 | 0.22% | 2025-06-12 | 2025-08-13 |
| CVE-2024-44905 | go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go. | [email protected] | 6.5 | 0.20% | 2025-06-12 | 2025-07-09 |