EUVD-2022-0022

Malicious code in bioql PyPI...

EUVD-2022-0722

Malicious code in bioql PyPI...

EUVD-2023-0038

Malicious code in bioql PyPI...

anylearn (>=0.20.5 <=0.20.7rc3), pymetard (>=0.0.1 <=0.0.4) potentially affected by CVE-2025-48459 via apache-iotdb (=1.3.2.post0)

apache-iotdb PYPI version =1.3.2.post0 is affected by a known vulnerability. The following packages have a transitive dependency on apache-iotdb and may be impacted: - anylearn =0.20.5, =0.0.1, =0.0.4 Source cves: CVE-2025-48459 Source advisory: OSV:PYSEC-2025-88...

CVE-2025-48392

Apache IoTDB contains a DoS vulnerability affecting 1.3.3–1.3.4 and 2.0.1-beta–2.0.4. The issue is fixed in 2.0.5. CVSS v3.1 metrics from NVD indicate HIGH impact with Availability loss (A=HIGH) and no confidentiality/integrity impact, network attack vector, low complexity, no auth required. Affe...

CVE-2020-1952

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely...

GHSA-5FC3-PQF2-57CX Apache IoTDB Discloses Sensitive Information via Log Files

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version...

org.apache.iotdb:client-example (>=1.1.2 <=1.3.4-1), org.apache.iotdb:customize-mqtt-example (>=1.0.0 <=1.3.3) +17 more potentially affected by CVE-2024-24780 via org.apache.iotdb:node-commons (>=1.0.0 <=1.3.4-1)

org.apache.iotdb:node-commons MAVEN version =1.0.0, =1.1.2, =1.0.0, =1.2.2, =1.2.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.0, =1.0.0, =1.1.2 and more Source cves: CVE-2024-24780 Source advisory: SNYK:JAVA-ORGAPACHEIOTDB-10176116...

org.apache.iotdb:client-example (>=1.1.2 <=1.3.4-1), org.apache.iotdb:customize-mqtt-example (>=0.14.0-preview1 <=1.3.3) +18 more potentially affected by CVE-2025-26864 via org.apache.iotdb:node-commons (>=0.14.0-preview1 <=1.3.4-1)

org.apache.iotdb:node-commons MAVEN version =0.14.0-preview1, =1.1.2, =0.14.0-preview1, =1.2.2, =1.2.2, =0.14.0-preview1, =0.14.0-preview3, =0.14.0-preview1, =0.14.0-preview2, =0.14.0-preview3, =0.14.0-preview1, =0.14.0-preview1, =0.14.0-preview1, =0.14.0-preview1, =0.14.0-preview1, =1.3.0, =1.3....

PYSEC-2025-60

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version...

CVE-2023-46226

Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue...

iotdb-session-0-10-1 (>=0.1.0 <=0.1.5) potentially affected by CVE-2023-30771 via apache-iotdb (=0.10.1)

apache-iotdb PYPI version =0.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on apache-iotdb and may be impacted: - iotdb-session-0-10-1 =0.1.0, =0.1.5 Source cves: CVE-2023-30771 Source advisory: OSV:PYSEC-2023-8...

CVE-2022-43766

Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it...

PYSEC-2022-43069

Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue...