Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

aiven

Source -

CNANVD

BOS Name -

Aiven

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

4
Related CVEsRelated ProductsRelated AssignersReports
5Vulnerabilities found
CVE-2025-55283
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 18.72%
||
7 Day CHG+0.01%
Published-18 Aug, 2025 | 16:46
Updated-21 Aug, 2025 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
aiven-db-migrate allows Privilege Escalation through use of psql during migration

aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases during a migration from an untrusted source server. The vulnerability stems from psql executing commands embedded in a dump from the source server. This vulnerability is fixed in 1.0.7.

Action-Not Available
Vendor-Aiven
Product-aiven-db-migrateaiven-db-migrate
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-55282
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 19.54%
||
7 Day CHG+0.01%
Published-18 Aug, 2025 | 16:44
Updated-21 Aug, 2025 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
aiven-db-migrate allows Privilege Escalation via unrestricted search_path during migration

aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a lack of search_path restriction, an attacker can override pg_catalog and execute untrusted operators as a superuser. This vulnerability is fixed in 1.0.7.

Action-Not Available
Vendor-Aiven
Product-aiven-db-migrateaiven-db-migrate
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-31480
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.08% / 23.29%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 14:49
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
aiven-extras allows PostgreSQL Privilege Escalation through format function

aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and ensure they run the latest version issuing ALTER EXTENSION aiven_extras UPDATE TO '1.1.16' after installing it. This needs to happen in each database aiven_extras has been installed in.

Action-Not Available
Vendor-Aiven
Product-aiven-extras
CWE ID-CWE-426
Untrusted Search Path
CVE-2023-51390
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.75%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 23:27
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure Vulnerability in Journalpump

journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0.

Action-Not Available
Vendor-Aiven
Product-journalpumpjournalpump
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-215
Insertion of Sensitive Information Into Debugging Code
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-32305
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.91%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 18:46
Updated-13 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
aiven-extras PostgreSQL Privilege Escalation Through Overloaded Search Path

aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.

Action-Not Available
Vendor-The PostgreSQL Global Development GroupAiven
Product-postgresqlaivenaiven-extras
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE ID-CWE-20
Improper Input Validation