Search for packages
| purl | pkg:pypi/apache-iotdb@0.13.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6vkv-z8b1-x7g7
Aliases: CVE-2025-26864 PYSEC-2025-60 |
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-8yys-3rvw-nka6 | Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could login without authorization. This is fixed in 0.13.4. |
CVE-2023-24831
GHSA-pvjv-386f-c8wh PYSEC-2023-7 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:44:33.409057+00:00 | GitLab Importer | Fixing | VCID-8yys-3rvw-nka6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/apache-iotdb/CVE-2023-24831.yml | 38.6.0 |
| 2026-06-02T04:23:00.723162+00:00 | Pypa Importer | Affected by | VCID-6vkv-z8b1-x7g7 | https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2025-60.yaml | 38.6.0 |
| 2026-06-02T04:18:36.405801+00:00 | Pypa Importer | Fixing | VCID-8yys-3rvw-nka6 | https://github.com/pypa/advisory-database/blob/main/vulns/apache-iotdb/PYSEC-2023-7.yaml | 38.6.0 |