SingleStore Security & Trust Center


Security Bulletins

Keep up to date with the latest security updates, vulnerability reports, and expert guidance on your key questions in SingleStore's Security Bulletins.

Security Alerts

There are currently no security alerts published here.

Please refer to the SingleStore Security & Trust Center if you have any questions or need documentation around SingleStore's security posture.

Common Vulnerabilities and Exposures (CVEs)

04-15-2025 | Critical RCE Vulnerability in Apache Parquet (CVE-2025-30065)

A KB article has been published on this topic; please refer to: https://support.singlestore.com/hc/en-us/articles/37506955698964-Critical-RCE-Vulnerability-in-Apache-Parquet-CVE-2025-30065


04-10-2025 | IngressNightmare (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24514, CVE-2025-24513)

A KB article has been published on this topic; please refer to: https://support.singlestore.com/hc/en-us/articles/37677818320276-IngressNightmare-CVE-2025-1097-CVE-2025-1098-CVE-2025-1974-CVE-2025-24514-CVE-2025-24513


05-29-2024 | Linguistic Lumberjack (CVE-2024-4323)

A KB article has been published on this topic; please refer to: https://support.singlestore.com/hc/en-us/articles/37678036810772-Linguistic-Lumberjack-CVE-2024-4323


06-13-2023 | SQL injection flaw in MOVEit Transfer Vulnerability (CVE-2023-34362)

Due to a number of inquiries regarding the SQL injection flaw in the MOVEit Transfer software product, we would like to inform our customers that we are not affected by this vulnerability. We do not use MOVEit Transfer in SingleStore self-managed, SingleStore Helios or our corporate environment and operations.


05-04-2022 | Spring4Shell (CVE-2022-22963, CVE-2010-1622, CVE-2022-22965)

Due to a number of inquiries regarding the Spring4Shell vulnerability, we would like to inform our customers that we are not affected by this vulnerability. More specifically, SingleStore is not affected by vulnerabilities identified in Spring Cloud Functions (CVE-2022-22963) or the Spring4Shell frameworks (CVE-2010-1622 / CVE-2022-22965).


12-09-2021 | Log4Shell (CVE-2021-44228)

The log4j library is a common library in the Java programming language. SingleStore uses Java solely for HDFS Pipelines, a feature used for loading data from HDFS. At the time the CVE was published, this vulnerability did not affect SingleStore, because SingleStore HDFS uses a version of log4j which is not susceptible to this CVE. SingleStore self-managed customers are, as usual, advised to update to the latest supported version of our software in accordance with our EOL policy.