VulnerableCode Package Details - pkg:pypi/apache-iotdb@0.13.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-6vkv-z8b1-x7g7 Aliases: CVE-2025-26864 PYSEC-2025-60	Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.	1.3.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-8yys-3rvw-nka6 Aliases: CVE-2023-24831 GHSA-pvjv-386f-c8wh PYSEC-2023-7	Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4.	0.13.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-6vkv-z8b1-x7g7
Aliases:
CVE-2025-26864
PYSEC-2025-60

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.

1.3.4
Affected by 1 other vulnerability.

VCID-8yys-3rvw-nka6
Aliases:
CVE-2023-24831
GHSA-pvjv-386f-c8wh
PYSEC-2023-7

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4.

0.13.5
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-9j7x-4nqn-dbbx	Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 before 0.13.3.	CVE-2023-24830 GHSA-pp4w-9x82-6r47 PYSEC-2023-6
VCID-x8ws-4e9s-hkcb	Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.	CVE-2023-24829 PYSEC-2023-5

Vulnerability

Summary

Aliases

VCID-9j7x-4nqn-dbbx

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 before 0.13.3.

CVE-2023-24830
GHSA-pp4w-9x82-6r47
PYSEC-2023-6

VCID-x8ws-4e9s-hkcb

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards.

CVE-2023-24829
PYSEC-2023-5

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:23:00.719144+00:00	Pypa Importer	Affected by	VCID-6vkv-z8b1-x7g7	https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2025-60.yaml	38.6.0
2026-06-02T04:18:36.401230+00:00	Pypa Importer	Affected by	VCID-8yys-3rvw-nka6	https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2023-7.yaml	38.6.0
2026-06-02T04:18:15.539595+00:00	Pypa Importer	Fixing	VCID-x8ws-4e9s-hkcb	https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2023-5.yaml	38.6.0
2026-06-02T04:18:15.426591+00:00	Pypa Importer	Fixing	VCID-9j7x-4nqn-dbbx	https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2023-6.yaml	38.6.0