Known Vulnerabilities for ChromaDB by Chroma
Listed below are 6 of the newest known vulnerabilities associated with "ChromaDB" by "Chroma".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-45833 json | A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to ... | Not Provided | 2026-06-12 | 2026-06-12 |
| CVE-2026-45832 json | All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization lay... | Not Provided | 2026-06-12 | 2026-06-12 |
| CVE-2026-45831 json | The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluate... | Not Provided | 2026-06-12 | 2026-06-12 |
| CVE-2026-45830 json | A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users t... | Not Provided | 2026-06-12 | 2026-06-12 |
| CVE-2026-45829 json | A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthe... | Not Provided | 2026-05-18 | 2026-05-19 |
| CVE-2026-8828 json | A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to a... | Not Provided | 2026-06-12 | 2026-06-12 |