What is the Yugabyte CNA?
Yugabyte is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 18 CVE records since 2022.
How many CVEs has Yugabyte published?
Yugabyte has published 18 CVE records, including 11 in the last two years.
What is Yugabyte's CVE data quality grade?
RadicalNotion.AI grades Yugabyte's CVE data quality as A, with an overall completeness score of 100%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (100%), and CWE (100%) information.
What products does Yugabyte publish CVEs for?
Yugabyte most frequently publishes CVEs for YugabyteDB Anywhere, yugabyte-db, YugabyteDB, yugabytedb managed, windows.
Which vendors does Yugabyte cover?
Yugabyte publishes CVEs across 3 distinct vendors, most often yugabyte, YugabyteDB, YugabyteDB Inc, linux, microsoft.
Is Yugabyte actively publishing CVEs?
Yugabyte is currently active, based on 11 CVEs in the last two years.
What is the average severity of Yugabyte's CVEs?
The average CVSS base score across Yugabyte's scored CVEs is 6.0.
Are any of Yugabyte's CVEs in CISA's Known Exploited Vulnerabilities catalog?
No. None of Yugabyte's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
What are the most common weakness types in Yugabyte's CVEs?
Yugabyte's CVEs most often map to these CWE weakness types: CWE-532 (Insertion of Sensitive Information into Log File), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), CWE-23 (Relative Path Traversal), CWE-269 (Improper Privilege Management).
How does Yugabyte rank among CNAs?
By total CVE volume, Yugabyte ranks #254 of 370 CNAs, and it reports more complete CVE records than 60% of all CNAs.
