Db2
This hub aggregates every CVE we track for Db2, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.
339
CVEs tracked
14
Critical
94
High
0
In CISA KEV
Severity distribution
MEDIUM216HIGH94LOW15CRITICAL14
Monthly trend
4
0
1
2
3
1
0
0
0
8
0
8
0
0
0
9
0
18
4
0
4
6
6
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Db2.
- CVE-2025-36372IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables5.5
- CVE-2026-10109IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling9.8
- CVE-2026-11906IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user6.5
- CVE-2023-33854Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.5.3
- CVE-2025-2669Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.6.0
- CVE-2024-54178Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.6.5
- CVE-2026-6938IBM® Db2® is vulnerable to authorization bypass when uploading to a remote object storage path with a special query6.5
- CVE-2026-6053IBM® Db2® is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables5.5
- CVE-2026-6052IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables6.5
- CVE-2026-6051IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap5.5
- CVE-2026-1718IBM® Db2® is vulnerable to a denial of service with a specially crafted query when running an AUTONOMOUS procedure7.1
- CVE-2025-13755IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets5.5
- CVE-2026-1577IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries6.5
- CVE-2025-36122IBM® Db2® is vulnerable to a denial of service with a specially crafted query when stmtheap is set to automatic6.5
- CVE-2025-14688IBM® Db2® is vulnerable to a denial of service when fetching from certain tables under specific configurations5.3
Product normalization is registry-driven with AI assist and human review. How it works