MySQL
MySQL is Oracle's widely deployed open-source relational database. Attestd merges NVD data across two vendor namespaces: mysql:mysql (pre-Oracle acquisition) and oracle:mysql (current). Use dotted release versions (8.0.x, 8.4.x) as in NVD.
api usage
Querying MySQL
product slug: mysql
version format: 8.0.32, 8.4.5

```bash
curl "https://api.attestd.io/v1/check?product=mysql&version=8.0.32" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

Version 8.0.32 is a spot-check for CVE-2023-21980 (RCE-class issue, CVSS 7.1). Replace the example JSON below with the live API response after ingestion on your environment.
```json
{
  "product": "mysql",
  "version": "8.0.32",
  "supported": true,
  "risk_state": "high",
  "risk_factors": ["remote_exploitable", "patch_available"],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": false,
  "patch_available": true,
  "fixed_version": "8.0.33",
  "confidence": 0.88,
  "cve_ids": ["CVE-2023-21980"],
  "last_updated": "2026-04-03T00:00:00Z"
}
```

cleaner line
Example: newer release
A current GA line (e.g. 9.x) may return risk_state: "none" if no NVD ranges match — verify with /v1/check after synthesis.
```bash
curl "https://api.attestd.io/v1/check?product=mysql&version=9.2.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

notable cves
CVE history
| CVE | Description | Affects | CVSS |
|---|---|---|---|
| CVE-2023-21980 | Vulnerability in MySQL Server allowing high-privilege attackers with network access to compromise the server. | 8.0.x (see NVD) | 7.1 |
| CVE-2022-21589 | MySQL Server vulnerability — component InnoDB; authenticated network attacker. | 8.0, 8.1 | 4.9 |
| CVE-2021-3711 | OpenSSL-related exposure in bundled components (context-dependent). | see NVD | 7.5 |
| CVE-2020-14878 | MySQL Server privilege escalation / unauthorized data access vectors. | 8.0 | 4.9 |
| CVE-2018-3282 | InnoDB component flaw allowing denial of service. | 5.7, 8.0 | 6.5 |
data sources
CPE namespaces
Ingestion queries both cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* and cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*, then deduplicates on CVE ID. Skipping either namespace can miss historical CVE rows.
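
The merge step described above, as an added example that is not Attestd's ingestion code: rows fetched for both CPE namespaces are deduplicated on CVE ID while keeping every match criterion, and a helper shows which CVE IDs drop out when one namespace is skipped. The row layout, function names, CVE IDs and versions are constructed for illustration.

```python
# Added example: not Attestd's ingestion code. Row layout and CVE IDs are constructed.

# Constructed rows, as if returned by the two CPE namespace queries.
ROWS = [
    {"cve_id": "CVE-0000-0001", "cpe": "cpe:2.3:a:oracle:mysql:8.0.32:*:*:*:*:*:*:*"},
    {"cve_id": "CVE-0000-0002", "cpe": "cpe:2.3:a:oracle:mysql:5.1.30:*:*:*:*:*:*:*"},
    {"cve_id": "CVE-0000-0002", "cpe": "cpe:2.3:a:mysql:mysql:5.1.30:*:*:*:*:*:*:*"},
    {"cve_id": "CVE-0000-0003", "cpe": "cpe:2.3:a:mysql:mysql:5.0.45:*:*:*:*:*:*:*"},
]


def vendor_product(cpe):
    """Return 'vendor:product' from a CPE 2.3 formatted string.

    A plain split is enough here; values with escaped colons need a real parser.
    """
    parts = cpe.split(":")
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 string: {cpe!r}")
    return f"{parts[3]}:{parts[4]}"


def merge_rows(rows):
    """Deduplicate on CVE ID, keeping the union of namespaces and criteria."""
    merged = {}
    for row in rows:
        entry = merged.setdefault(row["cve_id"], {"namespaces": set(), "cpes": set()})
        entry["namespaces"].add(vendor_product(row["cpe"]))
        entry["cpes"].add(row["cpe"])
    return merged


def missed_without(rows, namespace):
    """CVE IDs that drop out of the merged set if one namespace is skipped."""
    rows = list(rows)
    kept = merge_rows(r for r in rows if vendor_product(r["cpe"]) != namespace)
    return sorted(set(merge_rows(rows)) - set(kept))


if __name__ == "__main__":
    for cve_id, entry in sorted(merge_rows(ROWS).items()):
        print(cve_id, sorted(entry["namespaces"]), len(entry["cpes"]))
    for ns in ("oracle:mysql", "mysql:mysql"):
        print("skip", ns, "-> missed", missed_without(ROWS, ns))
```

Keeping the union of criteria per CVE matters because a first-row-wins dedup would discard the other namespace's version ranges for the same CVE ID.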