Search for packages
| purl | pkg:pypi/apache-iotdb@1.3.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-gvfr-2jus-ebf2
Aliases: CVE-2025-48459 GHSA-776q-jw43-fhjx PYSEC-2025-88 |
Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade to version 2.0.5, which fixes the issue. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6vkv-z8b1-x7g7 | Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue. |
CVE-2025-26864
PYSEC-2025-60 |
| VCID-g6qa-mu8d-2uhc | Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue. |
CVE-2024-24780
PYSEC-2025-59 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:23:20.511306+00:00 | Pypa Importer | Affected by | VCID-gvfr-2jus-ebf2 | https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2025-88.yaml | 38.6.0 |
| 2026-06-02T04:23:00.775804+00:00 | Pypa Importer | Fixing | VCID-6vkv-z8b1-x7g7 | https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2025-60.yaml | 38.6.0 |
| 2026-06-02T04:23:00.616461+00:00 | Pypa Importer | Fixing | VCID-g6qa-mu8d-2uhc | https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2025-59.yaml | 38.6.0 |