Skip to main content

Iotdb

16 CVEs product

Monthly

CVE-2026-24713 Maven CRITICAL PATCH Act Now

Input validation vulnerability in Apache IoTDB from 1.0.0 before 1.3.7 and from 2.0.0 before 2.0.7. Second critical CVE affecting the IoT database.

Apache Iotdb
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24015 Maven CRITICAL PATCH Act Now

Vulnerability in Apache IoTDB from 1.0.0 before 1.3.7 and from 2.0.0 before 2.0.7. Critical severity issue in the IoT time-series database platform.

Apache Iotdb
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-48459 LIB MEDIUM PATCH GHSA This Month

Deserialization of Untrusted Data vulnerability in Apache IoTDB.0.0 before 2.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Iotdb
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2025-48392 Maven HIGH PATCH This Month

A vulnerability in Apache IoTDB.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Iotdb
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-26864 LIB HIGH PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB.10.0 through 1.3.3, from 2.0.1-beta. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Iotdb
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-26795 Maven HIGH PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver.10.0 through 1.3.3, from 2.0.1-beta before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Iotdb
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-24780 LIB CRITICAL PATCH Act Now

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Code Injection Iotdb
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-51656 Maven CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache IoTDB.13.0 through 0.13.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Iotdb
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24831 LIB CRITICAL PATCH Act Now

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.13.0 through 0.13.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Apache Authentication Bypass Iotdb
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-24829 PyPI HIGH PATCH This Week

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.13.0 before 0.13.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Iotdb
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-24830 PyPI HIGH PATCH This Week

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.13.0 before 0.13.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Iotdb
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-43766 LIB HIGH PATCH This Week

Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Java Iotdb
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-38370 Maven HIGH PATCH This Week

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Grafana Iotdb
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-38369 LIB HIGH PATCH This Week

Apache IoTDB version 0.13.0 is vulnerable by session id attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Session Fixation Iotdb
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-25649 Maven HIGH PATCH This Week

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Jackson Databind Oncommand Api Services Oncommand Workflow Automation Service Level Manager +35
NVD GitHub
CVSS 3.1
7.5
EPSS
17.6%
CVE-2020-1952 Maven CRITICAL PATCH Act Now

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Iotdb
NVD
CVSS 3.1
9.8
EPSS
2.7%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Input validation vulnerability in Apache IoTDB from 1.0.0 before 1.3.7 and from 2.0.0 before 2.0.7. Second critical CVE affecting the IoT database.

Apache Iotdb
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Vulnerability in Apache IoTDB from 1.0.0 before 1.3.7 and from 2.0.0 before 2.0.7. Critical severity issue in the IoT time-series database platform.

Apache Iotdb
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Deserialization of Untrusted Data vulnerability in Apache IoTDB.0.0 before 2.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Iotdb
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Month

A vulnerability in Apache IoTDB.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Iotdb
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB.10.0 through 1.3.3, from 2.0.1-beta. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Iotdb
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver.10.0 through 1.3.3, from 2.0.1-beta before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Iotdb
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Code Injection +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache IoTDB.13.0 through 0.13.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Iotdb
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.13.0 through 0.13.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Apache Authentication Bypass +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.13.0 before 0.13.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Iotdb
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.13.0 before 0.13.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Iotdb
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Java +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Grafana +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Apache IoTDB version 0.13.0 is vulnerable by session id attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Session Fixation +1
NVD
EPSS 18% CVSS 7.5
HIGH PATCH This Week

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Jackson Databind Oncommand Api Services +37
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Iotdb
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy