What is the Neo4j CNA?
Neo4j is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 5 CVE records since 2025.
How many CVEs has Neo4j published?
Neo4j has published 5 CVE records, all 5 of them in the last two years.
What is Neo4j's CVE data quality grade?
RadicalNotion.AI grades Neo4j's CVE data quality as A, with an overall completeness score of 100%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (100%), and CWE (100%) information.
What products does Neo4j publish CVEs for?
Neo4j most frequently publishes CVEs for Enterprise Edition, neo4j, Community Edition, org.neo4j:neo4j, and mcp-neo4j-cypher.
Which vendors does Neo4j cover?
Neo4j publishes CVEs across 1 distinct vendor, most often neo4j, org.neo4j, Bitnami, pip.
Is Neo4j actively publishing CVEs?
Neo4j is currently active, based on 5 CVEs in the last two years.
What is the average severity of Neo4j's CVEs?
The average CVSS base score across Neo4j's scored CVEs is 4.2.
Are any of Neo4j's CVEs in CISA's Known Exploited Vulnerabilities catalog?
No. None of Neo4j's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
What are the most common weakness types in Neo4j's CVEs?
Neo4j's CVEs most often map to these CWE weakness types: CWE-863 (Incorrect Authorization), CWE-117 (Improper Output Neutralization for Logs), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), CWE-226 (Sensitive Information in Resource Not Removed Before Reuse).
How does Neo4j rank among CNAs?
By total CVE volume, Neo4j ranks #357 of 370 CNAs, and it reports more complete CVE records than 60% of all CNAs.