VYPR

Orientdb

by Orientdb

Source repositories

CVEs (7)

  • CVE-2017-11467CriJul 20, 2017
    risk 0.73cvss 9.8epss 0.73

    OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.

  • CVE-2015-2912HigDec 31, 2015
    risk 0.57cvss 8.8epss 0.01

    The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information,…

  • CVE-2015-2918MedDec 31, 2015
    risk 0.40cvss 6.1epss 0.01

    The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

  • CVE-2015-2913MedDec 31, 2015
    risk 0.31cvss 5.9epss 0.02

    server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote…

  • CVE-2019-25449Feb 20, 2026
    risk 0.00cvss epss 0.00

    OrientDB 3.0.17 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted JSON payloads to the document endpoint. Attackers can send POST requests to /document/demodb/-1:-1 with script tags in the name…

  • CVE-2019-25448Feb 20, 2026
    risk 0.00cvss epss 0.00

    OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in…

  • CVE-2019-25447Feb 20, 2026
    risk 0.00cvss epss 0.00

    OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or delete databases, modify…