IBM Db2 vulnerabilities: known CVEs & security history

IBM · Database · 335 tracked CVEs · 0 actively exploited · updated June 2026 · what is a CVE? →

This is the full list of known vulnerabilities (CVEs) across all IBM Db2 release lines — 335 in total. A CVE here doesn't mean your version is affected — check IBM Db2's current status and the safe version to run.

335

known CVEs

actively exploited (KEV)

critical severity

ransomware-linked

Known IBM Db2 CVEs

Actively-exploited and most-severe first. Showing the top 80 of 335. Open any CVE for full details.

CVE	Severity	CVSS	EPSS	Year
CVE-2012-1797	high	10	2%	2012
CVE-2010-3731	high	10	10%	2010
CVE-2010-3193	high	10	3%	2010
CVE-2009-4335	high	10	2%	2009
CVE-2009-3473	high	10	2%	2009
CVE-2008-6821	high	10	4%	2009
CVE-2008-6820	high	10	2%	2009
CVE-2008-4692	high	10	2%	2008
CVE-2007-3676	high	10	4%	2008
CVE-2007-2582	high	10	27%	2007
CVE-2012-3324	high	9	4%	2012
CVE-2008-1997	high	9	4%	2008
CVE-2008-0699	high	9	5%	2008
CVE-2021-29678	high	8.7	1%	2021
CVE-2014-3094	high	8.5	5%	2014
CVE-2013-6744	high	8.5	3%	2014
CVE-2012-4826	high	8.5	5%	2012
CVE-2008-1998	high	8.5	3%	2008
CVE-2025-36384	high	8.4	0%	2026
CVE-2023-47145	high	8.4	0%	2024
CVE-2023-30431	high	8.4	0%	2023
CVE-2023-27558	high	8.4	0%	2023
CVE-2018-1936	high	8.4	1%	2019
CVE-2018-1980	high	8.4	1%	2019
CVE-2018-1978	high	8.4	1%	2019
CVE-2018-1923	high	8.4	1%	2019
CVE-2018-1922	high	8.4	1%	2019
CVE-2018-1897	high	8.4	1%	2018
CVE-2018-1802	high	8.4	0%	2018
CVE-2018-1781	high	8.4	0%	2018
CVE-2018-1711	high	8.4	0%	2018
CVE-2018-1710	high	8.4	1%	2018
CVE-2018-1566	high	8.4	0%	2018
CVE-2018-1487	high	8.4	0%	2018
CVE-2018-1565	high	8.4	0%	2018
CVE-2018-1544	high	8.4	0%	2018
CVE-2018-1488	high	8.4	1%	2018
CVE-2020-4945	high	8.1	1%	2021
CVE-2015-1935	high	8	4%	2015
CVE-2025-33092	high	7.8	0%	2025
CVE-2019-4588	high	7.8	0%	2021
CVE-2020-5025	high	7.8	1%	2021
CVE-2020-4739	high	7.8	0%	2020
CVE-2020-4701	high	7.8	0%	2020
CVE-2020-4363	high	7.8	0%	2020
CVE-2020-4204	high	7.8	1%	2020
CVE-2019-4322	high	7.8	1%	2019
CVE-2019-4154	high	7.8	1%	2019
CVE-2019-4014	high	7.8	1%	2019
CVE-2019-4094	high	7.8	0%	2019
CVE-2019-4016	high	7.8	1%	2019
CVE-2019-4015	high	7.8	1%	2019
CVE-2018-1780	high	7.8	0%	2018
CVE-2018-1459	high	7.8	1%	2018
CVE-2017-1452	high	7.8	0%	2017
CVE-2017-1451	high	7.8	0%	2017
CVE-2008-0698	high	7.8	2%	2008
CVE-2007-5652	high	7.8	2%	2007
CVE-2018-1448	high	7.7	0%	2018
CVE-2023-30991	high	7.5	1%	2023
CVE-2023-30449	high	7.5	1%	2023
CVE-2023-30445	high	7.5	1%	2023
CVE-2023-26021	high	7.5	1%	2023
CVE-2023-29255	high	7.5	1%	2023
CVE-2022-22390	high	7.5	1%	2022
CVE-2021-39002	high	7.5	1%	2021
CVE-2021-20373	high	7.5	1%	2021
CVE-2021-29825	high	7.5	1%	2021
CVE-2021-29703	high	7.5	2%	2021
CVE-2021-29702	high	7.5	2%	2021
CVE-2020-5024	high	7.5	2%	2021
CVE-2020-4420	high	7.5	2%	2020
CVE-2020-4135	high	7.5	3%	2020
CVE-2012-0711	high	7.5	5%	2012
CVE-2011-0731	high	7.5	4%	2011
CVE-2010-3194	high	7.5	2%	2010
CVE-2009-4333	high	7.5	1%	2009
CVE-2009-3471	high	7.5	2%	2009
CVE-2008-3958	high	7.5	2%	2008
CVE-2008-0696	high	7.5	1%	2008

255 older / lower-severity CVEs not shown — see IBM Db2's full record.

Is my IBM Db2 version affected?

The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.

Check your IBM Db2 version → · Monitor IBM Db2 for new CVEs →

IBM Db2 vulnerabilities — frequently asked

How many known vulnerabilities does IBM Db2 have?

IsItPatched tracks 335 CVEs for IBM Db2. 0 are critical-severity and 109 high-severity. These span every release line — what matters is whether the version you run is affected.

Does IBM Db2 have any actively-exploited vulnerabilities?

None of IBM Db2's tracked CVEs are currently in CISA's KEV catalog — but new ones can be added at any time, so keep your version current.

What is the most severe IBM Db2 vulnerability?

Among tracked issues, CVE-2012-1797 (HIGH, CVSS 10) ranks highest — a CWE-264 weakness.

Is IBM Db2 safe to use?

It depends on the version. The latest supported IBM Db2 release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.

CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: IBM Db2 security status · IBM Db2 end-of-life · actively-exploited CVEs. Always verify against IBM's advisories — see our disclaimer.