Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/ckan@2.9.1
Type pypi
Namespace
Name ckan
Version 2.9.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.10.10
Latest_non_vulnerable_version 2.11.5
Affected_by_vulnerabilities
0
url VCID-1y9a-p7kw-xuh6
vulnerability_id VCID-1y9a-p7kw-xuh6
summary CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Using a specially crafted file, a user could potentially upload a file containing code that when executed could send arbitrary requests to the server. If that file was opened by an administrator, it could lead to escalation of privileges of the original submitter or other malicious actions. Users must have been registered to the site to exploit this vulnerability. This vulnerability has been fixed in CKAN 2.10.7 and 2.11.2. Users are advised to upgrade. On versions prior to CKAN 2.10.7 and 2.11.2, site maintainers can restrict the file types supported for uploading using the `ckan.upload.user.mimetypes` / `ckan.upload.user.types` and `ckan.upload.group.mimetypes` / `ckan.upload.group.types` config options. To entirely disable file uploads users can use: `ckan.upload.user.types = none`
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24372
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44695
published_at 2026-06-13T12:55:00Z
1
value 0.00218
scoring_system epss
scoring_elements 0.44682
published_at 2026-06-14T12:55:00Z
2
value 0.00218
scoring_system epss
scoring_elements 0.44525
published_at 2026-06-11T12:55:00Z
3
value 0.00218
scoring_system epss
scoring_elements 0.44678
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24372
1
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
2
reference_url https://github.com/ckan/ckan/commit/a4fc5e06634ed51d653ab819a7efc8e62f816f68
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/a4fc5e06634ed51d653ab819a7efc8e62f816f68
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-24372
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-24372
4
reference_url https://github.com/ckan/ckan/commit/7da6a26c6183e0a97a356d1b1d2407f3ecc7b9c8
reference_id 7da6a26c6183e0a97a356d1b1d2407f3ecc7b9c8
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:27:18Z/
url https://github.com/ckan/ckan/commit/7da6a26c6183e0a97a356d1b1d2407f3ecc7b9c8
5
reference_url https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-upload-group-mimetypes
reference_id configuration.html#ckan-upload-group-mimetypes
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:27:18Z/
url https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-upload-group-mimetypes
6
reference_url https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-upload-group-types
reference_id configuration.html#ckan-upload-group-types
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:27:18Z/
url https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-upload-group-types
7
reference_url https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-upload-user-mimetypes
reference_id configuration.html#ckan-upload-user-mimetypes
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:27:18Z/
url https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-upload-user-mimetypes
8
reference_url https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-upload-user-types
reference_id configuration.html#ckan-upload-user-types
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:27:18Z/
url https://docs.ckan.org/en/latest/maintaining/configuration.html#ckan-upload-user-types
9
reference_url https://github.com/advisories/GHSA-7pq5-qcp6-mcww
reference_id GHSA-7pq5-qcp6-mcww
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7pq5-qcp6-mcww
10
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-7pq5-qcp6-mcww
reference_id GHSA-7pq5-qcp6-mcww
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T19:27:18Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-7pq5-qcp6-mcww
fixed_packages
0
url pkg:pypi/ckan@2.10.7
purl pkg:pypi/ckan@2.10.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tpg-2385-s3af
1
vulnerability VCID-cgtv-pshy-zfbn
2
vulnerability VCID-gr1y-33hz-mub2
3
vulnerability VCID-hjrb-9k1f-h7a1
4
vulnerability VCID-u8uc-dutu-eyc7
5
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.7
1
url pkg:pypi/ckan@2.11.2
purl pkg:pypi/ckan@2.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tpg-2385-s3af
1
vulnerability VCID-cgtv-pshy-zfbn
2
vulnerability VCID-gr1y-33hz-mub2
3
vulnerability VCID-hjrb-9k1f-h7a1
4
vulnerability VCID-u8uc-dutu-eyc7
5
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.11.2
aliases CVE-2025-24372, GHSA-7pq5-qcp6-mcww
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1y9a-p7kw-xuh6
1
url VCID-9v6a-jt8g-q3cn
vulnerability_id VCID-9v6a-jt8g-q3cn
summary CKAN through 2.9.6 allows account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account, including superuser accounts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43685
reference_id
reference_type
scores
0
value 0.00864
scoring_system epss
scoring_elements 0.75528
published_at 2026-06-11T12:55:00Z
1
value 0.00864
scoring_system epss
scoring_elements 0.75606
published_at 2026-06-14T12:55:00Z
2
value 0.00864
scoring_system epss
scoring_elements 0.75612
published_at 2026-06-13T12:55:00Z
3
value 0.00864
scoring_system epss
scoring_elements 0.75598
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43685
1
reference_url https://ckan.org
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://ckan.org
2
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ckan/PYSEC-2022-42987.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/ckan/PYSEC-2022-42987.yaml
4
reference_url https://ckan.org/
reference_id ckan.org
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T04:13:30Z/
url https://ckan.org/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43685
reference_id CVE-2022-43685
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43685
6
reference_url https://ckan.org/blog/get-latest-patch-releases-your-ckan-site-october-2022
reference_id get-latest-patch-releases-your-ckan-site-october-2022
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T04:13:30Z/
url https://ckan.org/blog/get-latest-patch-releases-your-ckan-site-october-2022
7
reference_url https://github.com/advisories/GHSA-m2xp-jxfg-qq6g
reference_id GHSA-m2xp-jxfg-qq6g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2xp-jxfg-qq6g
fixed_packages
0
url pkg:pypi/ckan@2.9.7
purl pkg:pypi/ckan@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y9a-p7kw-xuh6
1
vulnerability VCID-bhan-qpga-r7fr
2
vulnerability VCID-cgtv-pshy-zfbn
3
vulnerability VCID-cxh3-rnr8-13bx
4
vulnerability VCID-gr1y-33hz-mub2
5
vulnerability VCID-hd1v-gpvt-z3b1
6
vulnerability VCID-jf1u-553j-kkhn
7
vulnerability VCID-pheq-uq63-3ucb
8
vulnerability VCID-purf-ztum-ufgr
9
vulnerability VCID-rmu9-d8c5-sucr
10
vulnerability VCID-u8uc-dutu-eyc7
11
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.7
aliases CVE-2022-43685, GHSA-m2xp-jxfg-qq6g, PYSEC-2022-42987
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9v6a-jt8g-q3cn
2
url VCID-bhan-qpga-r7fr
vulnerability_id VCID-bhan-qpga-r7fr
summary CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files in the docker container and the `ckan` user had the permissions to use sudo. These issues allowed for code execution or privilege escalation if an arbitrary file write bug was available. Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32696
reference_id
reference_type
scores
0
value 0.00785
scoring_system epss
scoring_elements 0.74302
published_at 2026-06-14T12:55:00Z
1
value 0.00785
scoring_system epss
scoring_elements 0.74216
published_at 2026-06-11T12:55:00Z
2
value 0.00785
scoring_system epss
scoring_elements 0.74291
published_at 2026-06-12T12:55:00Z
3
value 0.00785
scoring_system epss
scoring_elements 0.74304
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32696
1
reference_url https://github.com/ckan/ckan-docker-base/commit/5483c46ce9b518a4e1b626ef7032cce2c1d75c7d
reference_id 5483c46ce9b518a4e1b626ef7032cce2c1d75c7d
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T21:20:12Z/
url https://github.com/ckan/ckan-docker-base/commit/5483c46ce9b518a4e1b626ef7032cce2c1d75c7d
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32696
reference_id CVE-2023-32696
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-32696
3
reference_url https://github.com/ckan/ckan-docker-base/security/advisories/GHSA-c74x-xfvr-x5wg
reference_id GHSA-c74x-xfvr-x5wg
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T21:20:12Z/
url https://github.com/ckan/ckan-docker-base/security/advisories/GHSA-c74x-xfvr-x5wg
fixed_packages
0
url pkg:pypi/ckan@2.9.9
purl pkg:pypi/ckan@2.9.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y9a-p7kw-xuh6
1
vulnerability VCID-cgtv-pshy-zfbn
2
vulnerability VCID-cxh3-rnr8-13bx
3
vulnerability VCID-gr1y-33hz-mub2
4
vulnerability VCID-hd1v-gpvt-z3b1
5
vulnerability VCID-jf1u-553j-kkhn
6
vulnerability VCID-purf-ztum-ufgr
7
vulnerability VCID-rmu9-d8c5-sucr
8
vulnerability VCID-u8uc-dutu-eyc7
9
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.9
1
url pkg:pypi/ckan@2.10.1
purl pkg:pypi/ckan@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y9a-p7kw-xuh6
1
vulnerability VCID-2tpg-2385-s3af
2
vulnerability VCID-cgtv-pshy-zfbn
3
vulnerability VCID-cxh3-rnr8-13bx
4
vulnerability VCID-gr1y-33hz-mub2
5
vulnerability VCID-hd1v-gpvt-z3b1
6
vulnerability VCID-hjrb-9k1f-h7a1
7
vulnerability VCID-jf1u-553j-kkhn
8
vulnerability VCID-purf-ztum-ufgr
9
vulnerability VCID-rmu9-d8c5-sucr
10
vulnerability VCID-u8uc-dutu-eyc7
11
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.1
aliases CVE-2023-32696, GHSA-c74x-xfvr-x5wg
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bhan-qpga-r7fr
3
url VCID-cgtv-pshy-zfbn
vulnerability_id VCID-cgtv-pshy-zfbn
summary CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdown_extract() function did not perform sufficient sanitization of input data before wrapping in an HTML literal element. This helper is used to render user-provided data on dataset, resource, organization or group pages (plus any page provided by an extension that used that helper function), leading to a potential XSS vector. This vulnerability has been fixed in CKAN 2.10.9 and 2.11.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54384
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08716
published_at 2026-06-12T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08713
published_at 2026-06-14T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.08721
published_at 2026-06-13T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.08673
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54384
1
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
2
reference_url https://github.com/ckan/ckan/commit/112affffa74b14fc97c54abcf18315df97114917
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/112affffa74b14fc97c54abcf18315df97114917
3
reference_url https://github.com/ckan/ckan/releases/tag/ckan-2.10.9
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/releases/tag/ckan-2.10.9
4
reference_url https://github.com/ckan/ckan/releases/tag/ckan-2.11.4
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/releases/tag/ckan-2.11.4
5
reference_url https://github.com/ckan/ckan/commit/6d0065f2fc7e2682196d125275af34b93e9e554e
reference_id 6d0065f2fc7e2682196d125275af34b93e9e554e
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T17:41:04Z/
url https://github.com/ckan/ckan/commit/6d0065f2fc7e2682196d125275af34b93e9e554e
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54384
reference_id CVE-2025-54384
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54384
7
reference_url https://github.com/advisories/GHSA-2r4h-8jxv-w2j8
reference_id GHSA-2r4h-8jxv-w2j8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2r4h-8jxv-w2j8
8
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-2r4h-8jxv-w2j8
reference_id GHSA-2r4h-8jxv-w2j8
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-29T17:41:04Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-2r4h-8jxv-w2j8
fixed_packages
0
url pkg:pypi/ckan@2.10.9
purl pkg:pypi/ckan@2.10.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tpg-2385-s3af
1
vulnerability VCID-gr1y-33hz-mub2
2
vulnerability VCID-u8uc-dutu-eyc7
3
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.9
1
url pkg:pypi/ckan@2.11.4
purl pkg:pypi/ckan@2.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tpg-2385-s3af
1
vulnerability VCID-gr1y-33hz-mub2
2
vulnerability VCID-u8uc-dutu-eyc7
3
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.11.4
aliases CVE-2025-54384, GHSA-2r4h-8jxv-w2j8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cgtv-pshy-zfbn
4
url VCID-cxh3-rnr8-13bx
vulnerability_id VCID-cxh3-rnr8-13bx
summary CKAN is an open-source data management system for powering data hubs and data portals. There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their contents (e.g. pushing to the DataStore, streaming contents or saving a local copy). All of them use the resource URL, and there are currently no checks to limit what URLs can be requested. This means that a malicious (or unaware) user can create a resource with a URL pointing to a place where they should not have access in order for one of the previous tools to retrieve it (known as a Server Side Request Forgery). Users wanting to protect against these kinds of attacks can use one or a combination of the following approaches: (1) Use a separate HTTP proxy like Squid that can be used to allow / disallow IPs, domains etc as needed, and make CKAN extensions aware of this setting via the ckan.download_proxy config option. (2) Implement custom firewall rules to prevent access to restricted resources. (3) Use custom validators on the resource url field to block/allow certain domains or IPs. All latest versions of the plugins listed above support the ckan.download_proxy settings. Support for this setting in the Resource Proxy plugin was included in CKAN 2.10.5 and 2.11.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43371
reference_id
reference_type
scores
0
value 0.00317
scoring_system epss
scoring_elements 0.55304
published_at 2026-06-12T12:55:00Z
1
value 0.00317
scoring_system epss
scoring_elements 0.55307
published_at 2026-06-14T12:55:00Z
2
value 0.00317
scoring_system epss
scoring_elements 0.5532
published_at 2026-06-13T12:55:00Z
3
value 0.00317
scoring_system epss
scoring_elements 0.55183
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43371
1
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
2
reference_url https://github.com/ckan/ckan/commit/382beaec98cb331f2a030459ef043c50eaf5ad53
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/382beaec98cb331f2a030459ef043c50eaf5ad53
3
reference_url https://github.com/ckan/ckan/commit/8601183cc2fc87277ea5b33ff75c3a5610812ab5
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/8601183cc2fc87277ea5b33ff75c3a5610812ab5
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-43371
reference_id CVE-2024-43371
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-43371
5
reference_url https://github.com/advisories/GHSA-g9ph-j5vj-f8wm
reference_id GHSA-g9ph-j5vj-f8wm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g9ph-j5vj-f8wm
6
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-g9ph-j5vj-f8wm
reference_id GHSA-g9ph-j5vj-f8wm
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T19:17:36Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-g9ph-j5vj-f8wm
fixed_packages
0
url pkg:pypi/ckan@2.10.5
purl pkg:pypi/ckan@2.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y9a-p7kw-xuh6
1
vulnerability VCID-2tpg-2385-s3af
2
vulnerability VCID-cgtv-pshy-zfbn
3
vulnerability VCID-gr1y-33hz-mub2
4
vulnerability VCID-hjrb-9k1f-h7a1
5
vulnerability VCID-u8uc-dutu-eyc7
6
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.5
aliases CVE-2024-43371, GHSA-g9ph-j5vj-f8wm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cxh3-rnr8-13bx
5
url VCID-djg3-q7re-tuhg
vulnerability_id VCID-djg3-q7re-tuhg
summary CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. The affected images are ckan/ckan-docker (ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and openknowledge/ckan-dev images), and keitaroinc/docker-ckan (keitaro/ckan images).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22746
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.59471
published_at 2026-06-11T12:55:00Z
1
value 0.00374
scoring_system epss
scoring_elements 0.59592
published_at 2026-06-13T12:55:00Z
2
value 0.00374
scoring_system epss
scoring_elements 0.59581
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22746
1
reference_url https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b
reference_id 44af0f0a148fcc0e0fbcf02fe69b7db13459a84b
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:04Z/
url https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b
2
reference_url https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa
reference_id 4c22c135fa486afa13855d1cdb9765eaf418d2aa
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:04Z/
url https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22746
reference_id CVE-2023-22746
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-22746
4
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x
reference_id GHSA-pr8j-v4c8-h62x
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:04Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x
fixed_packages
0
url pkg:pypi/ckan@2.9.7
purl pkg:pypi/ckan@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y9a-p7kw-xuh6
1
vulnerability VCID-bhan-qpga-r7fr
2
vulnerability VCID-cgtv-pshy-zfbn
3
vulnerability VCID-cxh3-rnr8-13bx
4
vulnerability VCID-gr1y-33hz-mub2
5
vulnerability VCID-hd1v-gpvt-z3b1
6
vulnerability VCID-jf1u-553j-kkhn
7
vulnerability VCID-pheq-uq63-3ucb
8
vulnerability VCID-purf-ztum-ufgr
9
vulnerability VCID-rmu9-d8c5-sucr
10
vulnerability VCID-u8uc-dutu-eyc7
11
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.7
aliases CVE-2023-22746, GHSA-pr8j-v4c8-h62x
risk_score 3.9
exploitability 0.5
weighted_severity 7.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-djg3-q7re-tuhg
6
url VCID-gr1y-33hz-mub2
vulnerability_id VCID-gr1y-33hz-mub2
summary CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate (e.g. self-signed), leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in 2.10.10 and 2.11.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41132
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.01039
published_at 2026-06-14T12:55:00Z
1
value 9e-05
scoring_system epss
scoring_elements 0.00881
published_at 2026-06-11T12:55:00Z
2
value 9e-05
scoring_system epss
scoring_elements 0.00883
published_at 2026-06-13T12:55:00Z
3
value 9e-05
scoring_system epss
scoring_elements 0.00877
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41132
1
reference_url https://docs.ckan.org/en/2.10/changelog.html#v-2-10-10-2026-04-29
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.ckan.org/en/2.10/changelog.html#v-2-10-10-2026-04-29
2
reference_url https://docs.ckan.org/en/2.11/changelog.html#v-2-11-5-2026-04-29
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.ckan.org/en/2.11/changelog.html#v-2-11-5-2026-04-29
3
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41132
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41132
5
reference_url https://github.com/advisories/GHSA-mpfm-fpgx-647q
reference_id GHSA-mpfm-fpgx-647q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mpfm-fpgx-647q
6
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-mpfm-fpgx-647q
reference_id GHSA-mpfm-fpgx-647q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-14T15:42:05Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-mpfm-fpgx-647q
fixed_packages
0
url pkg:pypi/ckan@2.10.10
purl pkg:pypi/ckan@2.10.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.10
1
url pkg:pypi/ckan@2.11.5
purl pkg:pypi/ckan@2.11.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.11.5
aliases CVE-2026-41132, GHSA-mpfm-fpgx-647q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gr1y-33hz-mub2
7
url VCID-hd1v-gpvt-z3b1
vulnerability_id VCID-hd1v-gpvt-z3b1
summary A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. This could lead to an attacker injecting false log entries or corrupting the log file format. This has been fixed in CKAN versions 2.9.11 and 2.10.4. Users are advised to upgrade. Users unable to upgrade should override the `/user/reset` endpoint to filter the `id` parameter in order to exclude newlines.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27097
reference_id
reference_type
scores
0
value 0.00446
scoring_system epss
scoring_elements 0.63912
published_at 2026-06-11T12:55:00Z
1
value 0.00446
scoring_system epss
scoring_elements 0.64025
published_at 2026-06-14T12:55:00Z
2
value 0.00446
scoring_system epss
scoring_elements 0.64028
published_at 2026-06-13T12:55:00Z
3
value 0.00446
scoring_system epss
scoring_elements 0.64014
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27097
1
reference_url https://docs.ckan.org/en/2.10/changelog.html#v-2-10-4-2024-03-13
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.ckan.org/en/2.10/changelog.html#v-2-10-4-2024-03-13
2
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
3
reference_url https://github.com/ckan/ckan/commit/5fa133e7e9019573066455b5d442e93c62b3fc93
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/5fa133e7e9019573066455b5d442e93c62b3fc93
4
reference_url https://github.com/ckan/ckan/commit/d81f411bff2da7347c343a83e17f5814475b5b64
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/d81f411bff2da7347c343a83e17f5814475b5b64
5
reference_url https://github.com/ckan/ckan/commit/81b56c55e5e3651d7fcf9642cd5a489a9b62212c
reference_id 81b56c55e5e3651d7fcf9642cd5a489a9b62212c
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:05:35Z/
url https://github.com/ckan/ckan/commit/81b56c55e5e3651d7fcf9642cd5a489a9b62212c
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27097
reference_id CVE-2024-27097
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27097
7
reference_url https://github.com/advisories/GHSA-8g38-3m6v-232j
reference_id GHSA-8g38-3m6v-232j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8g38-3m6v-232j
8
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-8g38-3m6v-232j
reference_id GHSA-8g38-3m6v-232j
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:05:35Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-8g38-3m6v-232j
fixed_packages
0
url pkg:pypi/ckan@2.9.11
purl pkg:pypi/ckan@2.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y9a-p7kw-xuh6
1
vulnerability VCID-cgtv-pshy-zfbn
2
vulnerability VCID-cxh3-rnr8-13bx
3
vulnerability VCID-gr1y-33hz-mub2
4
vulnerability VCID-jf1u-553j-kkhn
5
vulnerability VCID-rmu9-d8c5-sucr
6
vulnerability VCID-u8uc-dutu-eyc7
7
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.11
1
url pkg:pypi/ckan@2.10.4
purl pkg:pypi/ckan@2.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y9a-p7kw-xuh6
1
vulnerability VCID-2tpg-2385-s3af
2
vulnerability VCID-cgtv-pshy-zfbn
3
vulnerability VCID-cxh3-rnr8-13bx
4
vulnerability VCID-gr1y-33hz-mub2
5
vulnerability VCID-hjrb-9k1f-h7a1
6
vulnerability VCID-jf1u-553j-kkhn
7
vulnerability VCID-rmu9-d8c5-sucr
8
vulnerability VCID-u8uc-dutu-eyc7
9
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.4
aliases CVE-2024-27097, GHSA-8g38-3m6v-232j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hd1v-gpvt-z3b1
8
url VCID-jf1u-553j-kkhn
vulnerability_id VCID-jf1u-553j-kkhn
summary CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datatables_view plugin activated are affected. This plugin is included in CKAN core; it is not activated by default, but it is widely used to preview tabular data. This vulnerability has been fixed in CKAN 2.10.5 and 2.11.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41675
reference_id
reference_type
scores
0
value 0.01078
scoring_system epss
scoring_elements 0.78321
published_at 2026-06-13T12:55:00Z
1
value 0.01078
scoring_system epss
scoring_elements 0.78316
published_at 2026-06-14T12:55:00Z
2
value 0.01078
scoring_system epss
scoring_elements 0.78308
published_at 2026-06-12T12:55:00Z
3
value 0.01078
scoring_system epss
scoring_elements 0.7824
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41675
1
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
2
reference_url https://github.com/ckan/ckan/commit/9e89ce8220ab1445e0bd85a67994a51d9d3d2688
reference_id 9e89ce8220ab1445e0bd85a67994a51d9d3d2688
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:35:03Z/
url https://github.com/ckan/ckan/commit/9e89ce8220ab1445e0bd85a67994a51d9d3d2688
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41675
reference_id CVE-2024-41675
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41675
4
reference_url https://github.com/ckan/ckan/commit/d7dfe8c427b1c63c75d788a609f3b7d7620a25a1
reference_id d7dfe8c427b1c63c75d788a609f3b7d7620a25a1
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:35:03Z/
url https://github.com/ckan/ckan/commit/d7dfe8c427b1c63c75d788a609f3b7d7620a25a1
5
reference_url https://github.com/advisories/GHSA-r3jc-vhf4-6v32
reference_id GHSA-r3jc-vhf4-6v32
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r3jc-vhf4-6v32
6
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-r3jc-vhf4-6v32
reference_id GHSA-r3jc-vhf4-6v32
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:35:03Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-r3jc-vhf4-6v32
fixed_packages
0
url pkg:pypi/ckan@2.10.5
purl pkg:pypi/ckan@2.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y9a-p7kw-xuh6
1
vulnerability VCID-2tpg-2385-s3af
2
vulnerability VCID-cgtv-pshy-zfbn
3
vulnerability VCID-gr1y-33hz-mub2
4
vulnerability VCID-hjrb-9k1f-h7a1
5
vulnerability VCID-u8uc-dutu-eyc7
6
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.5
aliases CVE-2024-41675, GHSA-r3jc-vhf4-6v32
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jf1u-553j-kkhn
9
url VCID-pheq-uq63-3ucb
vulnerability_id VCID-pheq-uq63-3ucb
summary CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in CKAN which may lead to remote code execution. An arbitrary file write in `resource_create` and `package_update` actions, using the `ResourceUploader` object. Also reachable via `package_create`, `package_revise`, and `package_patch` via calls to `package_update`. Remote code execution via unsafe pickle loading, via Beaker's session store when configured to use the file session store backend. Potential DoS due to lack of a length check on the resource id. Information disclosure: A user with permission to create a resource can access any other resource on the system if they know the id, even if they don't have access to it. Resource overwrite: A user with permission to create a resource can overwrite any resource if they know the id, even if they don't have access to it. A user with permissions to create or edit a dataset can upload a resource with a specially crafted id to write the uploaded file in an arbitrary location. This can be leveraged to Remote Code Execution via Beaker's insecure pickle loading. All the above listed vulnerabilities have been fixed in CKAN 2.9.9 and CKAN 2.10.1. Users are advised to upgrade. There are no known workarounds for these issues.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32321
reference_id
reference_type
scores
0
value 0.02184
scoring_system epss
scoring_elements 0.84784
published_at 2026-06-14T12:55:00Z
1
value 0.02799
scoring_system epss
scoring_elements 0.86479
published_at 2026-06-12T12:55:00Z
2
value 0.02882
scoring_system epss
scoring_elements 0.86611
published_at 2026-06-11T12:55:00Z
3
value 0.03126
scoring_system epss
scoring_elements 0.87195
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32321
1
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32321
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32321
3
reference_url https://github.com/ckan/ckan/blob/2a6080e61d5601fa0e2a0317afd6a8e9b7abf6dd/CHANGELOG.rst
reference_id CHANGELOG.rst
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-14T19:07:01Z/
url https://github.com/ckan/ckan/blob/2a6080e61d5601fa0e2a0317afd6a8e9b7abf6dd/CHANGELOG.rst
4
reference_url https://github.com/advisories/GHSA-446m-hmmm-hm8m
reference_id GHSA-446m-hmmm-hm8m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-446m-hmmm-hm8m
5
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-446m-hmmm-hm8m
reference_id GHSA-446m-hmmm-hm8m
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-14T19:07:01Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-446m-hmmm-hm8m
fixed_packages
0
url pkg:pypi/ckan@2.9.9
purl pkg:pypi/ckan@2.9.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y9a-p7kw-xuh6
1
vulnerability VCID-cgtv-pshy-zfbn
2
vulnerability VCID-cxh3-rnr8-13bx
3
vulnerability VCID-gr1y-33hz-mub2
4
vulnerability VCID-hd1v-gpvt-z3b1
5
vulnerability VCID-jf1u-553j-kkhn
6
vulnerability VCID-purf-ztum-ufgr
7
vulnerability VCID-rmu9-d8c5-sucr
8
vulnerability VCID-u8uc-dutu-eyc7
9
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.9
1
url pkg:pypi/ckan@2.10.1
purl pkg:pypi/ckan@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y9a-p7kw-xuh6
1
vulnerability VCID-2tpg-2385-s3af
2
vulnerability VCID-cgtv-pshy-zfbn
3
vulnerability VCID-cxh3-rnr8-13bx
4
vulnerability VCID-gr1y-33hz-mub2
5
vulnerability VCID-hd1v-gpvt-z3b1
6
vulnerability VCID-hjrb-9k1f-h7a1
7
vulnerability VCID-jf1u-553j-kkhn
8
vulnerability VCID-purf-ztum-ufgr
9
vulnerability VCID-rmu9-d8c5-sucr
10
vulnerability VCID-u8uc-dutu-eyc7
11
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.1
aliases CVE-2023-32321, GHSA-446m-hmmm-hm8m
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pheq-uq63-3ucb
10
url VCID-purf-ztum-ufgr
vulnerability_id VCID-purf-ztum-ufgr
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50248
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39681
published_at 2026-06-11T12:55:00Z
1
value 0.00181
scoring_system epss
scoring_elements 0.39851
published_at 2026-06-12T12:55:00Z
2
value 0.00181
scoring_system epss
scoring_elements 0.39875
published_at 2026-06-13T12:55:00Z
3
value 0.00181
scoring_system epss
scoring_elements 0.39864
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50248
1
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
2
reference_url https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/bd02018b65c5b81d7ede195d00d0fcbac3aa33be
3
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/security/advisories/GHSA-7fgc-89cx-w8j5
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50248
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50248
5
reference_url https://github.com/advisories/GHSA-7fgc-89cx-w8j5
reference_id GHSA-7fgc-89cx-w8j5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7fgc-89cx-w8j5
fixed_packages
0
url pkg:pypi/ckan@2.9.10
purl pkg:pypi/ckan@2.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y9a-p7kw-xuh6
1
vulnerability VCID-cgtv-pshy-zfbn
2
vulnerability VCID-cxh3-rnr8-13bx
3
vulnerability VCID-gr1y-33hz-mub2
4
vulnerability VCID-hd1v-gpvt-z3b1
5
vulnerability VCID-jf1u-553j-kkhn
6
vulnerability VCID-rmu9-d8c5-sucr
7
vulnerability VCID-u8uc-dutu-eyc7
8
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.10
1
url pkg:pypi/ckan@2.10.3
purl pkg:pypi/ckan@2.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y9a-p7kw-xuh6
1
vulnerability VCID-2tpg-2385-s3af
2
vulnerability VCID-cgtv-pshy-zfbn
3
vulnerability VCID-cxh3-rnr8-13bx
4
vulnerability VCID-gr1y-33hz-mub2
5
vulnerability VCID-hd1v-gpvt-z3b1
6
vulnerability VCID-hjrb-9k1f-h7a1
7
vulnerability VCID-jf1u-553j-kkhn
8
vulnerability VCID-rmu9-d8c5-sucr
9
vulnerability VCID-u8uc-dutu-eyc7
10
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.3
aliases CVE-2023-50248, GHSA-7fgc-89cx-w8j5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-purf-ztum-ufgr
11
url VCID-rmu9-d8c5-sucr
vulnerability_id VCID-rmu9-d8c5-sucr
summary CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the returned error message. This has been patched in CKAN 2.10.5 and 2.11.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41674
reference_id
reference_type
scores
0
value 0.00475
scoring_system epss
scoring_elements 0.65363
published_at 2026-06-12T12:55:00Z
1
value 0.00475
scoring_system epss
scoring_elements 0.65372
published_at 2026-06-14T12:55:00Z
2
value 0.00475
scoring_system epss
scoring_elements 0.65374
published_at 2026-06-13T12:55:00Z
3
value 0.00475
scoring_system epss
scoring_elements 0.65263
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41674
1
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41674
reference_id CVE-2024-41674
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41674
3
reference_url https://github.com/ckan/ckan/commit/f6b032cd7082d784938165bbd113557639002ca7
reference_id f6b032cd7082d784938165bbd113557639002ca7
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:30:28Z/
url https://github.com/ckan/ckan/commit/f6b032cd7082d784938165bbd113557639002ca7
4
reference_url https://github.com/advisories/GHSA-2rqw-cfhc-35fh
reference_id GHSA-2rqw-cfhc-35fh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rqw-cfhc-35fh
5
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-2rqw-cfhc-35fh
reference_id GHSA-2rqw-cfhc-35fh
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:30:28Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-2rqw-cfhc-35fh
fixed_packages
0
url pkg:pypi/ckan@2.10.5
purl pkg:pypi/ckan@2.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y9a-p7kw-xuh6
1
vulnerability VCID-2tpg-2385-s3af
2
vulnerability VCID-cgtv-pshy-zfbn
3
vulnerability VCID-gr1y-33hz-mub2
4
vulnerability VCID-hjrb-9k1f-h7a1
5
vulnerability VCID-u8uc-dutu-eyc7
6
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.5
aliases CVE-2024-41674, GHSA-2rqw-cfhc-35fh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rmu9-d8c5-sucr
12
url VCID-se5z-sa9q-2bhg
vulnerability_id VCID-se5z-sa9q-2bhg
summary In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low-privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim’s browser when they open the malicious profile picture.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25967
reference_id
reference_type
scores
0
value 0.00206
scoring_system epss
scoring_elements 0.43047
published_at 2026-06-13T12:55:00Z
1
value 0.00206
scoring_system epss
scoring_elements 0.43037
published_at 2026-06-14T12:55:00Z
2
value 0.00206
scoring_system epss
scoring_elements 0.43028
published_at 2026-06-12T12:55:00Z
3
value 0.00206
scoring_system epss
scoring_elements 0.42869
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25967
1
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
2
reference_url https://github.com/ckan/ckan/commit/5a46989c0a4f2c2873ca182c196da83b82babd25
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/commit/5a46989c0a4f2c2873ca182c196da83b82babd25
3
reference_url https://github.com/ckan/ckan/pull/6477
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan/pull/6477
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/ckan/PYSEC-2021-841.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/ckan/PYSEC-2021-841.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25967
reference_id CVE-2021-25967
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25967
6
reference_url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25967
reference_id CVE-2021-25967
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:27:35Z/
url https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25967
7
reference_url https://github.com/advisories/GHSA-6w9p-88qg-p3g3
reference_id GHSA-6w9p-88qg-p3g3
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6w9p-88qg-p3g3
fixed_packages
0
url pkg:pypi/ckan@2.9.4
purl pkg:pypi/ckan@2.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y9a-p7kw-xuh6
1
vulnerability VCID-9v6a-jt8g-q3cn
2
vulnerability VCID-bhan-qpga-r7fr
3
vulnerability VCID-cgtv-pshy-zfbn
4
vulnerability VCID-cxh3-rnr8-13bx
5
vulnerability VCID-djg3-q7re-tuhg
6
vulnerability VCID-gr1y-33hz-mub2
7
vulnerability VCID-hd1v-gpvt-z3b1
8
vulnerability VCID-jf1u-553j-kkhn
9
vulnerability VCID-pheq-uq63-3ucb
10
vulnerability VCID-purf-ztum-ufgr
11
vulnerability VCID-rmu9-d8c5-sucr
12
vulnerability VCID-se5z-sa9q-2bhg
13
vulnerability VCID-u8uc-dutu-eyc7
14
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.4
1
url pkg:pypi/ckan@2.10.0
purl pkg:pypi/ckan@2.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1y9a-p7kw-xuh6
1
vulnerability VCID-2tpg-2385-s3af
2
vulnerability VCID-bhan-qpga-r7fr
3
vulnerability VCID-cgtv-pshy-zfbn
4
vulnerability VCID-cxh3-rnr8-13bx
5
vulnerability VCID-gr1y-33hz-mub2
6
vulnerability VCID-hd1v-gpvt-z3b1
7
vulnerability VCID-hjrb-9k1f-h7a1
8
vulnerability VCID-jf1u-553j-kkhn
9
vulnerability VCID-pheq-uq63-3ucb
10
vulnerability VCID-purf-ztum-ufgr
11
vulnerability VCID-rmu9-d8c5-sucr
12
vulnerability VCID-u8uc-dutu-eyc7
13
vulnerability VCID-z3e2-uxbm-47a7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.0
aliases CVE-2021-25967, GHSA-6w9p-88qg-p3g3, PYSEC-2021-841
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-se5z-sa9q-2bhg
13
url VCID-u8uc-dutu-eyc7
vulnerability_id VCID-u8uc-dutu-eyc7
summary CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information. This vulnerability is fixed in 2.10.10 and 2.11.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42032
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03638
published_at 2026-06-11T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.03648
published_at 2026-06-13T12:55:00Z
2
value 0.00016
scoring_system epss
scoring_elements 0.03655
published_at 2026-06-12T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04387
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42032
1
reference_url https://docs.ckan.org/en/2.10/changelog.html#v-2-10-10-2026-04-29
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.ckan.org/en/2.10/changelog.html#v-2-10-10-2026-04-29
2
reference_url https://docs.ckan.org/en/2.11/changelog.html#v-2-11-5-2026-04-29
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.ckan.org/en/2.11/changelog.html#v-2-11-5-2026-04-29
3
reference_url https://docs.ckan.org/en/2.11/extensions/plugin-interfaces.html#ckan.plugins.interfaces.IAuthFunctions
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.ckan.org/en/2.11/extensions/plugin-interfaces.html#ckan.plugins.interfaces.IAuthFunctions
4
reference_url https://docs.ckan.org/en/2.11/maintaining/configuration.html#ckan-datastore-sqlsearch-enabled
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.ckan.org/en/2.11/maintaining/configuration.html#ckan-datastore-sqlsearch-enabled
5
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42032
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42032
7
reference_url https://github.com/advisories/GHSA-cg4x-64p3-x59h
reference_id GHSA-cg4x-64p3-x59h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cg4x-64p3-x59h
8
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-cg4x-64p3-x59h
reference_id GHSA-cg4x-64p3-x59h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-14T18:15:01Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-cg4x-64p3-x59h
fixed_packages
0
url pkg:pypi/ckan@2.10.10
purl pkg:pypi/ckan@2.10.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.10
1
url pkg:pypi/ckan@2.11.5
purl pkg:pypi/ckan@2.11.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.11.5
aliases CVE-2026-42032, GHSA-cg4x-64p3-x59h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u8uc-dutu-eyc7
14
url VCID-z3e2-uxbm-47a7
vulnerability_id VCID-z3e2-uxbm-47a7
summary CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information. This vulnerability is fixed in 2.10.10 and 2.11.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42031
reference_id
reference_type
scores
0
value 0.13784
scoring_system epss
scoring_elements 0.94448
published_at 2026-06-11T12:55:00Z
1
value 0.13784
scoring_system epss
scoring_elements 0.94472
published_at 2026-06-13T12:55:00Z
2
value 0.13784
scoring_system epss
scoring_elements 0.94467
published_at 2026-06-12T12:55:00Z
3
value 0.14791
scoring_system epss
scoring_elements 0.94685
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42031
1
reference_url https://docs.ckan.org/en/2.10/changelog.html#v-2-10-10-2026-04-29
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.ckan.org/en/2.10/changelog.html#v-2-10-10-2026-04-29
2
reference_url https://docs.ckan.org/en/2.11/changelog.html#v-2-11-5-2026-04-29
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.ckan.org/en/2.11/changelog.html#v-2-11-5-2026-04-29
3
reference_url https://docs.ckan.org/en/2.11/extensions/plugin-interfaces.html#ckan.plugins.interfaces.IAuthFunctions
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.ckan.org/en/2.11/extensions/plugin-interfaces.html#ckan.plugins.interfaces.IAuthFunctions
4
reference_url https://docs.ckan.org/en/2.11/maintaining/configuration.html#ckan-datastore-sqlsearch-enabled
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.ckan.org/en/2.11/maintaining/configuration.html#ckan-datastore-sqlsearch-enabled
5
reference_url https://github.com/ckan/ckan
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckan/ckan
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42031
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42031
7
reference_url https://github.com/advisories/GHSA-h7j7-3rx6-xvcg
reference_id GHSA-h7j7-3rx6-xvcg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h7j7-3rx6-xvcg
8
reference_url https://github.com/ckan/ckan/security/advisories/GHSA-h7j7-3rx6-xvcg
reference_id GHSA-h7j7-3rx6-xvcg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T19:12:40Z/
url https://github.com/ckan/ckan/security/advisories/GHSA-h7j7-3rx6-xvcg
fixed_packages
0
url pkg:pypi/ckan@2.10.10
purl pkg:pypi/ckan@2.10.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.10.10
1
url pkg:pypi/ckan@2.11.5
purl pkg:pypi/ckan@2.11.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.11.5
aliases CVE-2026-42031, GHSA-h7j7-3rx6-xvcg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z3e2-uxbm-47a7
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/ckan@2.9.1