CVE® (Common Vulnerabilities and Exposures) is a list of entries for publicly known cybersecurity vulnerabilities. Each entry contains an identification number, a description, and at least one public reference.

You can find on this page a list of security vulnerabilities fixed in Amazon Aurora MySQL. For general information about security for Amazon Aurora, see "Security in Amazon Aurora". For additional security information for Amazon Aurora MySQL, see "Security with Amazon Aurora MySQL".

We recommend you to always upgrade to the latest Aurora release to be protected against known vulnerabilities. You can use this page to verify whether a particular version of Aurora MySQL has a fix for a specific security vulnerability. If your cluster doesn't have the security fix, you can see which Aurora MySQL version you should upgrade to for that fix.

Any CVEs fixed in a specific Aurora MySQL version are also listed in the release notes for that version:

- Database Engine Updates for Amazon Aurora MySQL 2.0
- Database Engine Updates for Amazon Aurora MySQL 1.1

Vulnerability Identifier Aurora Release
CVE-2018-0734 1.19.1, 2.04.3
CVE-2019-2534 1.19.1, 2.04.3
CVE-2018-3155 2.04.3
CVE-2018-3056 2.04.4
CVE-2018-2612 1.19.1, 2.04.3
CVE-2018-2562 1.19.2, 2.04.4
CVE-2018-2696 1.19.5, 2.04.5
CVE-2017-3329 1.19.2, 2.04.4
CVE-2017-3599 1.19.1, 2.04.3
CVE-2015-4737 1.19.5