Vulnerabilities > Yugabyte > Yugabytedb > 2.1.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-08 | CVE-2023-6001 | Missing Authorization vulnerability in Yugabyte Yugabytedb Prometheus metrics are available without authentication. | 7.5 |
| 2023-08-30 | CVE-2023-4640 | Unspecified vulnerability in Yugabyte Yugabytedb The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. | 7.5 |
| 2023-02-09 | CVE-2023-0575 | Unspecified vulnerability in Yugabyte Yugabytedb External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. | 9.8 |