VulnerableCode Package Details - pkg:pypi/apache-iotdb@1.3.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-skcm-h3kp-xygf Aliases: CVE-2025-48459 GHSA-776q-jw43-fhjx PYSEC-2025-88	Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade to version 2.0.5, which fixes the issue.	2.0.5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-skcm-h3kp-xygf
Aliases:
CVE-2025-48459
GHSA-776q-jw43-fhjx
PYSEC-2025-88

Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade to version 2.0.5, which fixes the issue.

2.0.5
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-5xmw-u38h-4yhs	Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.	CVE-2025-26864 GHSA-5fc3-pqf2-57cx PYSEC-2025-60
VCID-uqwj-scd9-bfe8	Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue.	CVE-2024-24780 GHSA-f4rq-f4j9-f6rm PYSEC-2025-59

Vulnerability

Summary

Aliases

VCID-5xmw-u38h-4yhs

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.

CVE-2025-26864
GHSA-5fc3-pqf2-57cx
PYSEC-2025-60

VCID-uqwj-scd9-bfe8

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue.

CVE-2024-24780
GHSA-f4rq-f4j9-f6rm
PYSEC-2025-59

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T11:03:55.718530+00:00	GithubOSV Importer	Fixing	VCID-uqwj-scd9-bfe8	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-f4rq-f4j9-f6rm/GHSA-f4rq-f4j9-f6rm.json	38.6.0
2026-05-31T11:03:51.686045+00:00	GithubOSV Importer	Fixing	VCID-5xmw-u38h-4yhs	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-5fc3-pqf2-57cx/GHSA-5fc3-pqf2-57cx.json	38.6.0
2026-05-31T09:47:06.379665+00:00	PyPI Importer	Affected by	VCID-skcm-h3kp-xygf	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-31T09:46:56.611106+00:00	PyPI Importer	Fixing	VCID-5xmw-u38h-4yhs	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-31T09:46:56.535220+00:00	PyPI Importer	Fixing	VCID-uqwj-scd9-bfe8	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-30T20:36:38.801987+00:00	Pypa Importer	Affected by	VCID-skcm-h3kp-xygf	https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2025-88.yaml	38.6.0
2026-05-30T20:36:17.792382+00:00	Pypa Importer	Fixing	VCID-5xmw-u38h-4yhs	https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2025-60.yaml	38.6.0
2026-05-30T20:36:17.639130+00:00	Pypa Importer	Fixing	VCID-uqwj-scd9-bfe8	https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2025-59.yaml	38.6.0