Couchdb
This hub aggregates every CVE we track for Couchdb, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.
11
CVEs tracked
3
Critical
7
High
1
In CISA KEV
Severity distribution
HIGH7CRITICAL3MEDIUM1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 11 most recently published vulnerabilities affecting Couchdb.
- CVE-2023-45725Apache CouchDB, IBM Cloudant: Privilege Escalation Using _design Documents5.7
- CVE-2022-24706Remote Code Execution Vulnerability in PackagingKEV9.8
- CVE-2021-38295Privilege escalation vulnerability when using HTML attachments7.3
- CVE-2020-1955CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to t...9.8
- CVE-2018-17188Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the u...7.2
- CVE-2018-14889CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.7.8
- CVE-2018-11769CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is poss...7.2
- CVE-2018-8007Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible f...7.2
- CVE-2016-8742The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore...7.8
- CVE-2017-12635Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate key...9.8
- CVE-2017-12636CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by Cou...7.2
Product normalization is registry-driven with AI assist and human review. How it works