Orientdb Orientdb
7 CVEs affecting Orientdb Orientdb. Latest disclosed: 2026-02-20. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-11467 | Critical | 9.8 | 2017-07-20 | OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbit… |
| CVE-2015-2912 | High | 8.8 | 2015-12-31 | The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values… |
| CVE-2019-25448 | Medium | 6.4 | 2026-02-20 | OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with scr… |
| CVE-2019-25449 | Medium | 6.1 | 2026-02-20 | OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads t… |
| CVE-2015-2918 | Medium | 6.1 | 2015-12-31 | The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it… |
| CVE-2015-2913 | Medium | 5.9 | 2015-12-31 | server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 imprope… |
| CVE-2019-25447 | Medium | 4.3 | 2026-02-20 | OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malic… |