CVE Daily
← All tags

Tag: Vitess

All CVEs associated with "Vitess". Page 1/1 • 6 CVEs.

About “Vitess”

A curated feed of “Vitess”-related CVEs appears below. We currently track 6 CVEs for this tag (all time). In the last 365 days, 2 were published. Average CVSS is 6.1 (all time; 9.4 over 365d), and 33% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').

In our taxonomy this topic maps to a MODERATE impact class. Databases, proxies, and web servers often need coordinated restarts and config checks. Patch only modules you deploy, verify TLS and authentication, and tune limits. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: vitess

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
2424.0.1
2323.0.4 Soon
2222.0.4 Expired
2121.0.6 Expired
2020.0.8 Expired
1919.0.10 Expired
1818.0.8 Expired
1717.0.7 Expired
1616.0.7 Expired
1515.0.5 Expired
1414.0.5 Expired
1313.0.3 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Vitess”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-02-26
High

CVE-2026-27969

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manip…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2026-27965

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manip…

CVSS: 9.9 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2024-12-03
Medium

CVE-2024-53257

Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries…

CVSS: 4.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-05-08
Medium

CVE-2024-32886

Vitess is a database clustering system for horizontal scaling of MySQL. When executing the following simple query, the `vtgate` will go into an endless loop that also keeps consuming memory and event…

CVSS: 4.9 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
2023-05-11
Medium

CVE-2023-29195

Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing…

CVSS: 4.1 CWE: CWE-20 - Improper Input Validation View on NVD
2023-04-14
Medium

CVE-2023-29194

Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyon…

CVSS: 4.1 CWE: CWE-20 - Improper Input Validation View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox