| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-35402 | mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures | neo4j-contrib | mcp-neo4j | - | - | 2026-04-17 20:34:07 | Deep Dive |
| CVE-2026-1471 | Caching of authentication context | Neo4j | Enterprise edition | - | - | 2026-03-11 16:30:24 | Deep Dive |
| CVE-2026-1524 | Auth misconfiguration when multiple providers enabled | neo4j | Enterprise Edition | - | - | 2026-03-11 16:16:35 | Deep Dive |
| CVE-2026-1497 | Incorrect privilege assignment in composite databases | neo4j | Enterprise Edition | - | - | 2026-03-11 15:50:58 | Deep Dive |
| CVE-2026-1337 | Insufficient escaping of unicode characters in query log | neo4j | Enterprise Edition | - | - | 2026-02-06 13:13:19 | Deep Dive |
| CVE-2026-1622 | Unredacted data exposure in query.log | neo4j | Enterprise Edition | - | - | 2026-02-04 09:14:46 | Deep Dive |
| CVE-2025-12738 | Enumeration of restricted property value | neo4j | Enterprise Edition | - | - | 2026-01-22 13:29:12 | Deep Dive |
| CVE-2025-66169 | Apache Camel Neo4j: Cypher injection vulnerability in Camel-Neo4j component | Apache Software Foundation | Apache Camel Neo4j | - | - | 2026-01-14 11:45:20 | Deep Dive |
| CVE-2025-11602 | Untargeted information leak in Bolt protocol handshake | neo4j | Enterprise Edition | Medium | - | 2025-10-31 10:20:17 | Deep Dive |
| CVE-2025-10193 | Neo4j Cypher MCP server is vulnerable to DNS rebinding attacks | neo4j | neo4j-cypher MCP server | - | - | 2025-09-11 14:05:31 | Deep Dive |
| CVE-2024-34517 | Neo4j security vulnerability | Neo4j | Neo4j | Medium | 6.5 | 2024-05-07 00:00:00 | Deep Dive |
| CVE-2023-23926 | Neo4j code issue vulnerability | neo4j | apoc | Medium | 5.9 | 2023-02-16 00:00:00 | Deep Dive |
| CVE-2022-23532 | neo4j-apoc-procedures is vulnerable to path traversal | neo4j-contrib | neo4j-apoc-procedures | High | 7.1 | 2023-01-14 00:29:27 | Deep Dive |