Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/apache-iotdb@1.0.1
Type pypi
Namespace
Name apache-iotdb
Version 1.0.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.0.5
Latest_non_vulnerable_version 2.0.5
Affected_by_vulnerabilities
0
url VCID-5xmw-u38h-4yhs
vulnerability_id VCID-5xmw-u38h-4yhs
summary
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB.

This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2.

Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26864
reference_id
reference_type
scores
0
value 0.0049
scoring_system epss
scoring_elements 0.6588
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26864
1
reference_url https://lists.apache.org/thread/2kcjnlypppk8qjh17dpz0jvkcpn6l162
reference_id
reference_type
scores
url https://lists.apache.org/thread/2kcjnlypppk8qjh17dpz0jvkcpn6l162
2
reference_url http://www.openwall.com/lists/oss-security/2025/05/14/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/05/14/4
fixed_packages
0
url pkg:pypi/apache-iotdb@1.3.4
purl pkg:pypi/apache-iotdb@1.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-skcm-h3kp-xygf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-iotdb@1.3.4
aliases CVE-2025-26864, PYSEC-2025-60
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xmw-u38h-4yhs
1
url VCID-skcm-h3kp-xygf
vulnerability_id VCID-skcm-h3kp-xygf
summary
Deserialization of Untrusted Data vulnerability in Apache IoTDB.

This issue affects Apache IoTDB: from 1.0.0 before 2.0.5.

Users are recommended to upgrade to version 2.0.5, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48459
reference_id
reference_type
scores
0
value 0.00625
scoring_system epss
scoring_elements 0.70517
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48459
1
reference_url https://github.com/apache/iotdb
reference_id
reference_type
scores
url https://github.com/apache/iotdb
2
reference_url https://github.com/apache/iotdb/commit/5ad4a940ed84abca27c7e8be86cb371a49900491
reference_id
reference_type
scores
url https://github.com/apache/iotdb/commit/5ad4a940ed84abca27c7e8be86cb371a49900491
3
reference_url https://lists.apache.org/thread/mr84n19nv8d0bmcrfsj3mm5ff5qn4q2f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://lists.apache.org/thread/mr84n19nv8d0bmcrfsj3mm5ff5qn4q2f
4
reference_url http://www.openwall.com/lists/oss-security/2025/09/24/8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url http://www.openwall.com/lists/oss-security/2025/09/24/8
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-48459
reference_id CVE-2025-48459
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-48459
6
reference_url https://github.com/advisories/GHSA-776q-jw43-fhjx
reference_id GHSA-776q-jw43-fhjx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-776q-jw43-fhjx
fixed_packages
0
url pkg:pypi/apache-iotdb@2.0.5
purl pkg:pypi/apache-iotdb@2.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-iotdb@2.0.5
aliases CVE-2025-48459, GHSA-776q-jw43-fhjx, PYSEC-2025-88
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-skcm-h3kp-xygf
2
url VCID-uqwj-scd9-bfe8
vulnerability_id VCID-uqwj-scd9-bfe8
summary
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI.

This issue affects Apache IoTDB: from 1.0.0 before 1.3.4.

Users are recommended to upgrade to version 1.3.4, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24780
reference_id
reference_type
scores
0
value 0.01632
scoring_system epss
scoring_elements 0.82217
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24780
1
reference_url https://lists.apache.org/thread/xphtm98v3zsk9vlpfh481m1ry2ctxvmj
reference_id
reference_type
scores
url https://lists.apache.org/thread/xphtm98v3zsk9vlpfh481m1ry2ctxvmj
2
reference_url http://www.openwall.com/lists/oss-security/2025/05/14/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2025/05/14/2
fixed_packages
0
url pkg:pypi/apache-iotdb@1.3.4
purl pkg:pypi/apache-iotdb@1.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-skcm-h3kp-xygf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-iotdb@1.3.4
aliases CVE-2024-24780, PYSEC-2025-59
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uqwj-scd9-bfe8
3
url VCID-x1ke-vcwx-fkbz
vulnerability_id VCID-x1ke-vcwx-fkbz
summary
Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2.

Users are recommended to upgrade to version 1.3.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46226
reference_id
reference_type
scores
0
value 0.03439
scoring_system epss
scoring_elements 0.87694
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46226
1
reference_url https://github.com/apache/iotdb
reference_id
reference_type
scores
url https://github.com/apache/iotdb
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/apache-iotdb/PYSEC-2024-11.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/apache-iotdb/PYSEC-2024-11.yaml
3
reference_url https://lists.apache.org/thread/293b4ob65ftnfwyf62fb9zh8gwdy38hg
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://lists.apache.org/thread/293b4ob65ftnfwyf62fb9zh8gwdy38hg
4
reference_url http://www.openwall.com/lists/oss-security/2024/01/15/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url http://www.openwall.com/lists/oss-security/2024/01/15/1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46226
reference_id CVE-2023-46226
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-46226
6
reference_url https://github.com/advisories/GHSA-rxgg-273w-rfw7
reference_id GHSA-rxgg-273w-rfw7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rxgg-273w-rfw7
fixed_packages
0
url pkg:pypi/apache-iotdb@1.3.0
purl pkg:pypi/apache-iotdb@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5xmw-u38h-4yhs
1
vulnerability VCID-skcm-h3kp-xygf
2
vulnerability VCID-uqwj-scd9-bfe8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-iotdb@1.3.0
aliases CVE-2023-46226, GHSA-rxgg-273w-rfw7, PYSEC-2024-11
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x1ke-vcwx-fkbz
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-iotdb@1.0.1