Tarantool - 3 CVEs (Page 1/1)

About “Tarantool”

A curated feed of “Tarantool”-related CVEs appears below. We currently track 3 CVEs for this tag (all time). In the last 365 days, 1 were published. Average CVSS is 6.1 (all time; 3.3 over 365d), and 67% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-617 - Reachable Assertion.

In our taxonomy this topic maps to a LOW impact class. Databases, proxies, and web servers often need coordinated restarts and config checks. Patch only modules you deploy, verify TLS and authentication, and tune limits. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: tarantool

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle	Release	Latest	EOL	LTS
3.7	2026-04-22	3.7.0	-
3.6	2025-12-12	3.6.3	-
3.5	2025-08-27	3.5.2	-
3.4	2025-04-15	3.4.2	2027-04-14
3.3	2024-11-29	3.3.5	2026-11-29 Soon
3.2	2024-08-26	3.2.4	2026-08-26 Soon
3.1	2024-04-16	3.1.2	2024-08-26 Expired
3.0	2023-12-26	3.0.2	2024-04-16 Expired
2.11	2023-05-24	2.11.9	2027-05-24	LTS
2.10	2022-05-22	2.10.8	2023-05-24 Expired
2.8	2020-12-30	2.8.4	2022-04-25 Expired
2.7	2020-10-23	2.7.3	2021-08-19 Expired
2.6	2020-07-17	2.6.3	2021-04-21 Expired
2.5	2020-04-20	2.5.3	2020-12-30 Expired
2.4	2020-01-10	2.4.3	2020-10-22 Expired
2.3	2019-08-02	2.3.3	2020-07-17 Expired
2.2	2019-03-22	2.2.3	2020-04-20 Expired
1.10	2018-03-07	1.10.15	2023-05-24 Expired	LTS

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS · RSS (expired) · ICS

Subscribe CVEs: RSS for “Tarantool” · RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2025-06-24

Low

CVE-2025-6536

A vulnerability has been found in Tarantool up to 3.3.1 and classified as problematic. Affected by this vulnerability is the function tm_to_datetime in the library src/lib/core/datetime.c. The manipu…

CVSS: 3.3 CWE: CWE-617 - Reachable Assertion View on NVD

2016-12-23

High

CVE-2016-9037

An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD

High

CVE-2016-9036

An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly ret…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD