Package impact

PyPI / ckan

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2026-42031	critical	9.8	9.8				21d ago	CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
CVE-2026-42032	critical	9.1	9.1				21d ago	CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`
CVE-2026-41132	high	7.4	7.4				21d ago	CKAN has no certificate validation on STMP connection
CVE-2026-41255	medium	6.1	6.1				21d ago	CKAN has CSRF exemption primed by anonymous requests
CVE-2025-64100	unknown	—	—				7mo ago	CKAN vulnerable to fixed session IDs
CVE-2025-54384	unknown	—	—				7mo ago	CKAN vulnerable to stored XSS in resource description
CVE-2025-24372	unknown	—	—				1y ago	CKAN has an XSS vector in user uploaded images in group/org and user profiles
CVE-2024-43371	unknown	—	—				2y ago	Potential access to sensitive URLs via CKAN extensions (SSRF)
CVE-2024-41675	unknown	—	—				2y ago	CKAN has Cross-site Scripting vector in the Datatables view plugin
CVE-2024-41674	unknown	—	—				2y ago	CKAN may leak Solr credentials via error message in package_search action
CVE-2024-27097	unknown	—	—				2y ago	Potential log injection in reset user endpoint in CKAN
CVE-2023-50248	unknown	—	—				3y ago	Out of memory error when submitting the dataset form with a specially-crafted field
CVE-2023-32321	unknown	—	—				3y ago	Ckan remote code execution and private information access via crafted resource ids
CVE-2022-43685	unknown	—	—				4y ago	CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accoun…
CVE-2021-25967	unknown	—	—				5y ago	In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in t…