Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/apache-iotdb@1.3.0
purl pkg:pypi/apache-iotdb@1.3.0
Next non-vulnerable version 2.0.5
Latest non-vulnerable version 2.0.5
Risk 4.5
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-5xmw-u38h-4yhs
Aliases:
CVE-2025-26864
GHSA-5fc3-pqf2-57cx
PYSEC-2025-60
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.
1.3.4
Affected by 1 other vulnerability.
2.0.2
Affected by 1 other vulnerability.
VCID-skcm-h3kp-xygf
Aliases:
CVE-2025-48459
GHSA-776q-jw43-fhjx
PYSEC-2025-88
Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade to version 2.0.5, which fixes the issue.
2.0.5
Affected by 0 other vulnerabilities.
VCID-uqwj-scd9-bfe8
Aliases:
CVE-2024-24780
GHSA-f4rq-f4j9-f6rm
PYSEC-2025-59
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue.
1.3.4
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-x1ke-vcwx-fkbz Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue. CVE-2023-46226
GHSA-rxgg-273w-rfw7
PYSEC-2024-11

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T10:46:42.526743+00:00 GithubOSV Importer Fixing VCID-x1ke-vcwx-fkbz https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-rxgg-273w-rfw7/GHSA-rxgg-273w-rfw7.json 38.6.0
2026-05-31T09:47:06.373144+00:00 PyPI Importer Affected by VCID-skcm-h3kp-xygf https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:46:56.603626+00:00 PyPI Importer Affected by VCID-5xmw-u38h-4yhs https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:46:56.527555+00:00 PyPI Importer Affected by VCID-uqwj-scd9-bfe8 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:45:47.054665+00:00 PyPI Importer Fixing VCID-x1ke-vcwx-fkbz https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T01:01:48.447907+00:00 GHSA Importer Fixing VCID-x1ke-vcwx-fkbz https://github.com/advisories/GHSA-rxgg-273w-rfw7 38.6.0
2026-05-30T21:03:04.271978+00:00 GitLab Importer Fixing VCID-x1ke-vcwx-fkbz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/apache-iotdb/CVE-2023-46226.yml 38.6.0
2026-05-30T20:36:38.786185+00:00 Pypa Importer Affected by VCID-skcm-h3kp-xygf https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2025-88.yaml 38.6.0
2026-05-30T20:36:17.776376+00:00 Pypa Importer Affected by VCID-5xmw-u38h-4yhs https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2025-60.yaml 38.6.0
2026-05-30T20:36:17.620269+00:00 Pypa Importer Affected by VCID-uqwj-scd9-bfe8 https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2025-59.yaml 38.6.0
2026-05-30T20:33:44.497620+00:00 Pypa Importer Fixing VCID-x1ke-vcwx-fkbz https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2024-11.yaml 38.6.0