GCVE - cpe:2.3:a:aiven:aiven-db-migrate:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:aiven:aiven-db-migrate:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Aiven (`55dae46f-23ce-5560-8065-cd68a0390f60`)
Product	Aiven Db Migrate (`3deccf7c-8234-50e0-bf98-3a7522fb11db`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/aiven/aiven-db-migrate`	purl2cpe	2026-06-01 10:18:08.291933

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-55283`	vulnerable	2026-06-08 07:33:14.559625	aiven-db-migrate allows Privilege Escalation through use of psql during migration CRITICAL (9.1) aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases during a migration from an untrusted source server. The vulnerability stems from psql executing commands embedded in a dump from the source server. This vulnerability is fixed in 1.0.7. Published: 2025-08-18T16:46:58.839Z Updated: 2025-08-18T19:50:54.911Z Open on db.gcve.eu Reference links https://github.com/aiven/aiven-db-migrate/security/advisories/GHSA-wqhc-grmj-fjvg https://github.com/aiven/aiven-db-migrate/commit/36f6c7f7d06216975f625da0a1cb514253c4b3df	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-55282`	vulnerable	2026-06-08 07:33:14.559275	aiven-db-migrate allows Privilege Escalation via unrestricted search_path during migration CRITICAL (9.1) aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a lack of search_path restriction, an attacker can override pg_catalog and execute untrusted operators as a superuser. This vulnerability is fixed in 1.0.7. Published: 2025-08-18T16:44:02.944Z Updated: 2025-08-18T19:49:56.981Z Open on db.gcve.eu Reference links https://github.com/aiven/aiven-db-migrate/security/advisories/GHSA-hmvf-93r4-36f9 https://github.com/aiven/aiven-db-migrate/commit/39517dc55720055d93262033b142a365f5bf92c5	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.