Security vulnerabilities fixed in Aurora MySQL - Amazon Aurora

Security vulnerabilities fixed in Aurora MySQL

Common Vulnerabilities and Exposures (CVE) is a list of entries for publicly known cybersecurity vulnerabilities. Each entry contains an identification number, a description, and at least one public reference.

You can find on this page a list of security vulnerabilities fixed in Aurora MySQL. For general information about security for Aurora, see Security in Amazon Aurora in the Amazon Aurora User Guide. For additional security information for Aurora MySQL, see Security with Amazon Aurora MySQL in the Amazon Aurora User Guide.

We recommend that you always upgrade to the latest Aurora release to be protected against known vulnerabilities. You can use this page to verify whether a particular version of Aurora MySQL has a fix for a specific security vulnerability. If your cluster doesn't have the security fix, you can see which Aurora MySQL version you should upgrade to for that fix.

CVEs fixed in Aurora MySQL version 1, 2 and 3 are also listed in the release notes for that version:


The initial release of Aurora MySQL version 3 includes all CVEs fixed up to community MySQL 8.0.23. For future CVEs that are fixed, look for them listed here and in the Aurora MySQL version 3 release notes.

CVEs and minimum fixed Aurora MySQL versions