Known Vulnerabilities for products from Neo4j
Listed below are 9 of the newest known vulnerabilities associated with the vendor "Neo4j".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-35402 json | Not Provided | 2026-04-17 | 2026-04-17 | |
| CVE-2026-22743 json | Not Provided | 2026-03-27 | 2026-03-27 | |
| CVE-2023-23926 json | APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An XML External Entity (XXE) vulnerability found in the a... | 8.1 - HIGH | 2023-02-16 | 2023-04-14 |
| CVE-2022-37423 json | Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directo... | 7.5 - HIGH | 2022-08-12 | 2022-08-16 |
| CVE-2022-23532 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2023-01-14 | 2023-11-07 |
| CVE-2021-42767 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.1 - CRITICAL | 2022-03-01 | 2022-10-04 |
| CVE-2021-34802 json | A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authe... | 8.8 - HIGH | 2021-07-30 | 2021-08-04 |
| CVE-2021-34371 json | Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g.,... | 9.8 - CRITICAL | 2021-08-05 | 2021-08-12 |
| CVE-2018-1000820 json | neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML P... | 10 - CRITICAL | 2018-12-20 | 2023-01-23 |
| CVE-2018-18389 json | Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authenticatio... | 9.8 - CRITICAL | 2018-10-16 | 2019-01-18 |
| CVE-2013-7259 json | Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication... | 6.8 - MEDIUM | 2014-04-29 | 2014-08-04 |
Known software with vulnerabilities from Neo4j
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Neo4j | Neo4j | 3.4.0 |