VYPR

Bitnami package

neo4j

pkg:bitnami/neo4j

Vulnerabilities (6)

  • CVE-2026-1524 | Critical | Mar 11, 2026
    affected < 5.26.22 | fixed 5.26.22

    An edge case in the SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a Neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provi

  • CVE-2026-1471 | Medium | Mar 11, 2026
    affected < 5.26.22 | fixed 5.26.22

    Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo e

  • CVE-2026-1497 | High | Mar 11, 2026
    affected < 5.26.22 | fixed 5.26.22

    Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin who intends to give a user access to a remote database constituent "namespace.name" will inadvertently gran

  • CVE-2026-1337 | Feb 6, 2026
    affected < 2026.1.0 | fixed 2026.1.0

    Insufficient escaping of Unicode characters in the query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a pr

  • CVE-2024-34517 | May 7, 2024
    affected >= 5.0.0, < 5.20.0 | fixed 5.20.0

    The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access.

  • CVE-2021-34371 | Aug 5, 2021
    affected < 3.4.19 | fixed 3.4.19

    Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains.