Aggregates CVE and security vulnerability intelligence across all vesoft-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk ssrf and vendor risk command injection and related security problems, affecting vendor surface software deployment and vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-47219 | An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection. | [email protected] | 9.8 | 0.94% | 2024-09-22 | 2025-04-28 |
| CVE-2024-47218 | An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication. | [email protected] | 9.8 | 0.03% | 2024-09-22 | 2025-04-28 |
| CVE-2023-36088 | Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information. | [email protected] | 7.5 | 0.08% | 2023-09-01 | 2024-11-21 |