Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/khoj@1.42.0
Type pypi
Namespace
Name khoj
Version 1.42.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
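The fields above (type, namespace, name, version, qualifiers, subpath) are the components of a Package URL. The parser below is an added example, not code from VulnerableCode or from the purl-spec project, that splits a PURL into those components the way the specification prescribes (peeling subpath, qualifiers and version off from the right before splitting the type/namespace/name path). The sample PURLs other than the page's own pkg:pypi/khoj@1.42.0 are constructed for the demonstration.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import unquote


@dataclass
class PackageURL:
    """The components VulnerableCode displays for a looked-up package."""
    type: str
    namespace: Optional[str]
    name: str
    version: Optional[str]
    qualifiers: dict = field(default_factory=dict)
    subpath: Optional[str] = None


def _rsplit_once(s: str, sep: str):
    """Split at the right-most `sep`; returns (s, None) when it is absent."""
    head, found, tail = s.rpartition(sep)
    return (head, tail) if found else (s, None)


def parse_purl(purl: str) -> PackageURL:
    """Parse a Package URL string; raises ValueError on malformed input."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a Package URL: {purl!r}")
    rest = purl[len("pkg:"):].lstrip("/")  # tolerate the non-canonical pkg:// form

    # Peel components off from the right in the order the spec prescribes,
    # so a '#', '?' or '@' inside an earlier component can never be mistaken
    # for the separator of a later one.
    rest, subpath = _rsplit_once(rest, "#")
    rest, qualifiers = _rsplit_once(rest, "?")
    rest, version = _rsplit_once(rest, "@")

    segments = rest.split("/")
    ptype = segments[0].strip().lower()  # type is case-insensitive
    if not ptype:
        raise ValueError("missing type")
    path = [unquote(seg) for seg in segments[1:] if seg]
    if not path:
        raise ValueError("missing name")
    name, namespace = path[-1], "/".join(path[:-1]) or None

    quals = {}
    if qualifiers:
        for pair in qualifiers.split("&"):
            key, _, value = pair.partition("=")
            if value:  # a key with an empty value carries no information
                quals[key.lower()] = unquote(value)

    if subpath is not None:
        parts = [unquote(p) for p in subpath.split("/") if p not in ("", ".", "..")]
        subpath = "/".join(parts) or None

    return PackageURL(ptype, namespace, name, unquote(version) if version else None, quals, subpath)


if __name__ == "__main__":
    # Constructed inputs: the page's own PURL plus spec-style examples that
    # exercise namespace, percent-encoding, qualifiers and subpath handling.
    for sample in (
        "pkg:pypi/khoj@1.42.0",
        "pkg:npm/%40angular/core@12.0.0",
        "pkg:deb/debian/curl@7.50.3-1?arch=i386&distro=jessie",
        "pkg:github/package-url/purl-spec@244fd47e07d1004#everybody/loves/dogs",
    ):
        print(parse_purl(sample))
```

Splitting from the right matters: an npm scope is encoded as `%40angular`, so the only literal `@` in the string is the version separator, and a `#` can only ever be the subpath separator.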
Affected_by_vulnerabilities
0
url VCID-ypa9-9b5k-m3d8
vulnerability_id VCID-ypa9-9b5k-m3d8
summary
Khoj has an IDOR in Notion OAuth Flow that Enables Index Poisoning
An IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID in that parameter without verifying that the OAuth flow was initiated by that user, allowing an attacker to replace a victim's Notion configuration with their own, resulting in data poisoning of, and unauthorized access to, the victim's Khoj search index.

This attack requires knowing the victim's UUID, which can be leaked through shared conversations in which an AI-generated image is present.
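The flaw class described in the summary, as an added example: this is an illustrative model written for this page, not Khoj's handler and not the fix in the referenced commit. It pairs a callback that treats the OAuth `state` value as the user's UUID (the pattern the advisory describes) with a hardened version in which `state` is a random, single-use, expiring token that the server issued to one authenticated session. The code-for-token exchange is a constructed stand-in, and the authorisation codes and token strings are made up.

```python
import secrets
import time
import uuid

# Constructed stand-in for the provider's code-for-token exchange (not a real
# Notion API call): each authorisation code maps to the workspace that issued it.
_FAKE_TOKEN_EXCHANGE = {
    "code-for-victim-workspace": "token-victim-workspace",
    "code-for-attacker-workspace": "token-attacker-workspace",
}


def exchange_code(code: str) -> str:
    return _FAKE_TOKEN_EXCHANGE[code]


class VulnerableCallback:
    """The advisory's pattern: `state` carries a user UUID and the callback trusts it."""

    def __init__(self):
        self.configs = {}  # user_id -> Notion access token

    def callback(self, state: str, code: str) -> uuid.UUID:
        user_id = uuid.UUID(state)  # whichever UUID the caller names is "the user" (IDOR)
        self.configs[user_id] = exchange_code(code)
        return user_id


class HardenedCallback:
    """`state` is an unguessable, single-use, expiring token bound to one session."""

    STATE_TTL_SECONDS = 600

    def __init__(self):
        self.configs = {}
        self._pending = {}  # state -> (owner user_id, expiry)

    def begin(self, session_user: uuid.UUID) -> str:
        state = secrets.token_urlsafe(32)
        self._pending[state] = (session_user, time.monotonic() + self.STATE_TTL_SECONDS)
        return state  # sent to the provider as the OAuth `state` parameter

    def callback(self, session_user: uuid.UUID, state: str, code: str) -> uuid.UUID:
        # session_user comes from the authenticated session, never from the request.
        entry = self._pending.pop(state, None)  # pop: a state can be redeemed once
        if entry is None:
            raise PermissionError("unknown or already-used state")
        owner, expires_at = entry
        if time.monotonic() > expires_at:
            raise PermissionError("state expired")
        if owner != session_user:
            raise PermissionError("state was not issued to this session")
        self.configs[owner] = exchange_code(code)
        return owner


def demo_vulnerable() -> str:
    """Returns the token stored for the victim after the attacker's callback."""
    victim = uuid.uuid4()
    app = VulnerableCallback()
    app.callback(str(victim), "code-for-victim-workspace")
    # The attacker knows the victim's UUID (the advisory: leaked via a shared
    # conversation) and completes a flow of their own that names the victim.
    app.callback(str(victim), "code-for-attacker-workspace")
    return app.configs[victim]


def demo_hardened() -> dict:
    """Returns the victim's stored token plus the error each attack variant hits."""
    victim, attacker = uuid.uuid4(), uuid.uuid4()
    app = HardenedCallback()
    victim_state = app.begin(victim)
    app.callback(victim, victim_state, "code-for-victim-workspace")

    attempts = {
        "forged_state": str(victim),        # the victim's UUID used as state
        "replayed_state": victim_state,     # the victim's already-redeemed state
        "stolen_state": app.begin(victim),  # a state issued to the victim, sent from the attacker's session
    }
    outcomes = {}
    for label, state in attempts.items():
        try:
            app.callback(attacker, state, "code-for-attacker-workspace")
            outcomes[label] = "accepted"
        except PermissionError as err:
            outcomes[label] = str(err)

    app.STATE_TTL_SECONDS = -1  # force immediate expiry for the last variant
    try:
        app.callback(victim, app.begin(victim), "code-for-attacker-workspace")
        outcomes["expired_state"] = "accepted"
    except PermissionError as err:
        outcomes["expired_state"] = str(err)

    outcomes["victim_token"] = app.configs[victim]
    return outcomes


if __name__ == "__main__":
    print("vulnerable:", demo_vulnerable())
    print("hardened:", demo_hardened())
```

The identity that receives the integration must come from the server-side session, and `state` must only prove that this session started the flow. Once the callback derives the user from the request instead, knowing a UUID is enough, which is why the summary's UUID leak turns a low-value disclosure into an integration takeover.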
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69207
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.0199
published_at 2026-06-08T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02004
published_at 2026-06-07T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02014
published_at 2026-06-06T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02007
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69207
1
reference_url https://github.com/khoj-ai/khoj
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/khoj-ai/khoj
2
reference_url https://github.com/khoj-ai/khoj/commit/1b7ccd141d47f365edeccc57d7316cb0913d748b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:44:16Z/
url https://github.com/khoj-ai/khoj/commit/1b7ccd141d47f365edeccc57d7316cb0913d748b
3
reference_url https://github.com/khoj-ai/khoj/releases/tag/2.0.0-beta.23
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:44:16Z/
url https://github.com/khoj-ai/khoj/releases/tag/2.0.0-beta.23
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69207
reference_id CVE-2025-69207
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69207
5
reference_url https://github.com/advisories/GHSA-6whj-7qmg-86qj
reference_id GHSA-6whj-7qmg-86qj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6whj-7qmg-86qj
6
reference_url https://github.com/khoj-ai/khoj/security/advisories/GHSA-6whj-7qmg-86qj
reference_id GHSA-6whj-7qmg-86qj
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:44:16Z/
url https://github.com/khoj-ai/khoj/security/advisories/GHSA-6whj-7qmg-86qj
fixed_packages
aliases CVE-2025-69207, GHSA-6whj-7qmg-86qj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ypa9-9b5k-m3d8
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/khoj@1.42.0