VYPR
Vendor

Aiven Open

Products
9
CVEs
15
Across products
15
Status
Private

Products

9

Recent CVEs

15
  • CVE-2025-61673HigOct 3, 2025
    risk 0.56cvss 8.6epss 0.00

    Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token…

  • CVE-2025-31480CriApr 4, 2025
    risk 0.52cvss 9.1epss 0.00

    aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should…

  • CVE-2026-23529HigJan 16, 2026
    risk 0.50cvss 7.7epss 0.00

    Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud…

  • CVE-2026-45080MedJun 2, 2026
    risk 0.45cvss epss 0.00

    Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4.

  • CVE-2026-39961MedApr 9, 2026
    risk 0.37cvss 6.8epss 0.00

    Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database…

  • CVE-2024-56142MedDec 17, 2024
    risk 0.35cvss 6.5epss 0.00

    pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path…

  • CVE-2026-44367LowJun 2, 2026
    risk 0.18cvss 2.7epss 0.00

    Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service (DoS) and…

  • CVE-2026-54711lowJun 18, 2026
    risk 0.00cvss epss

    ### Impact When using .pgpass, database connection information including the username and password will be logged at the debug level. ### Patches Upgrade to version 2.7.1 or greater. ### Workarounds Filter out debug-level logs. ### References This issue was discovered by…

  • CVE-2026-29190Mar 7, 2026
    risk 0.00cvss epss 0.00

    Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader (backup/backends/v3/backend.py). If a malicious backup file is provided to Karapace, an attacker may exploit…

  • CVE-2026-25999Feb 11, 2026
    risk 0.00cvss epss 0.00

    Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to 2.10.2, there is an improper access control vulnerability that allows unauthorized users to trigger a reset or deletion of metadata for any tenant. By sending a crafted request to the…

  • CVE-2025-67745Dec 18, 2025
    risk 0.00cvss epss 0.00

    MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into…

  • CVE-2025-55283Aug 18, 2025
    risk 0.00cvss epss 0.01

    aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases during a migration from an untrusted source server. The vulnerability stems from psql executing…

  • CVE-2025-55282Aug 18, 2025
    risk 0.00cvss epss 0.01

    aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a lack of search_path…

  • CVE-2023-51390Dec 20, 2023
    risk 0.00cvss epss 0.00

    journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential…

  • CVE-2023-32305May 12, 2023
    risk 0.00cvss epss 0.01

    aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged…