VYPR

Maven package

org.neo4j/neo4j

pkg:maven/org.neo4j/neo4j

Vulnerabilities (4)

  • CVE-2026-1337, Feb 6, 2026
    affected < 2026.01, fixed 2026.01

    Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a pr

  • CVE-2026-1622, Med, Feb 4, 2026
    affected < 5.26.21, fixed 5.26.21

    Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has the ability to access the local log files. The "obfuscate_literals" option in the query logs does not redact error information, exp

  • CVE-2021-34371, Aug 5, 2021
    affected < 3.5.0, fixed 3.5.0

    Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains.

  • CVE-2013-7259, Apr 29, 2014
    affected < 2.2.0-M01, fixed 2.2.0-M01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db