products / couchdb
Apache CouchDB
CouchDB is a document database with replication, tracked as apache:couchdb. Historical CVEs include critical RCEs; some entries appear on the CISA KEV catalog.
api usage
Querying CouchDB
product slug
couchdbversion format
3.2.1, 3.3.3bash
curl "https://api.attestd.io/v1/check?product=couchdb&version=3.2.1" \
-H "Authorization: Bearer $ATTESTD_KEY"Spot-check CVE-2022-24706 (critical RCE, KEV). Expect risk_state: "critical" when KEV is wired.
json
{
"product": "couchdb",
"version": "3.2.1",
"supported": true,
"risk_state": "critical",
"risk_factors": ["actively_exploited", "remote_exploitable", "patch_available"],
"actively_exploited": true,
"remote_exploitable": true,
"authentication_required": false,
"patch_available": true,
"fixed_version": "3.2.2",
"confidence": 0.92,
"cve_ids": ["CVE-2022-24706"],
"last_updated": "2026-04-03T00:00:00Z"
}cleaner line
Patched line
bash
curl "https://api.attestd.io/v1/check?product=couchdb&version=3.4.2" \
-H "Authorization: Bearer $ATTESTD_KEY"notable cves
CVE history
| CVE | Description | Affects | CVSS |
|---|---|---|---|
CVE-2022-24706 | RCE via crafted HTTP / CouchDB packaging defaults (KEV). | 3.2.1 and prior | 10.0 |
CVE-2018-8007 | Information disclosure via CouchDB admin API. | 2.x | 7.5 |
CVE-2017-12636 | Privilege escalation in CouchDB admin interface. | 1.7, 2.x | 9.8 |
CVE-2023-38325 | CouchDB security update (verify NVD ranges). | see NVD | 7.5 |
CVE-2024-39918 | CouchDB component vulnerability (sentinel may lag). | see NVD | 6.0 |
related