Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/apache-iotdb@0.13.0
purl pkg:pypi/apache-iotdb@0.13.0
Next non-vulnerable version 2.0.5
Latest non-vulnerable version 2.0.5
Risk
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-64mx-h4s7-zuhm
Aliases:
CVE-2022-38369
PYSEC-2022-43069
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue.
0.13.1
Affected by 4 other vulnerabilities.
VCID-6vkv-z8b1-x7g7
Aliases:
CVE-2025-26864
PYSEC-2025-60
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.
1.3.4
Affected by 1 other vulnerability.
VCID-8yys-3rvw-nka6
Aliases:
CVE-2023-24831
GHSA-pvjv-386f-c8wh
PYSEC-2023-7
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4.
0.13.5
Affected by 1 other vulnerability.
VCID-9j7x-4nqn-dbbx
Aliases:
CVE-2023-24830
GHSA-pp4w-9x82-6r47
PYSEC-2023-6
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 before 0.13.3.
0.13.3
Affected by 2 other vulnerabilities.
VCID-x8ws-4e9s-hkcb
Aliases:
CVE-2023-24829
PYSEC-2023-5
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.
0.13.3
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-gbs3-v5f2-9ff7 Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it. CVE-2022-43766
PYSEC-2022-42972

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:44:33.405841+00:00 GitLab Importer Affected by VCID-8yys-3rvw-nka6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/apache-iotdb/CVE-2023-24831.yml 38.6.0
2026-06-02T04:23:00.702876+00:00 Pypa Importer Affected by VCID-6vkv-z8b1-x7g7 https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2025-60.yaml 38.6.0
2026-06-02T04:18:36.386271+00:00 Pypa Importer Affected by VCID-8yys-3rvw-nka6 https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2023-7.yaml 38.6.0
2026-06-02T04:18:15.521787+00:00 Pypa Importer Affected by VCID-x8ws-4e9s-hkcb https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2023-5.yaml 38.6.0
2026-06-02T04:18:15.410130+00:00 Pypa Importer Affected by VCID-9j7x-4nqn-dbbx https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2023-6.yaml 38.6.0
2026-06-02T04:17:56.426343+00:00 Pypa Importer Fixing VCID-gbs3-v5f2-9ff7 https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2022-42972.yaml 38.6.0
2026-06-02T04:17:37.688094+00:00 Pypa Importer Affected by VCID-64mx-h4s7-zuhm https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2022-43069.yaml 38.6.0