CVE-2026-42031
critical
9.8
9.8
14d ago
CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
python
CVE-2026-42032
critical
9.1
9.1
14d ago
CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`
python
CVE-2026-41132
high
7.4
7.4
14d ago
CKAN has no certificate validation on SMTP connection
python
CVE-2026-41255
medium
6.1
6.1
14d ago
CKAN has CSRF exemption primed by anonymous requests
python
CVE-2025-64100
unknown
—
—
7mo ago
CKAN vulnerable to fixed session IDs
python
CVE-2025-54384
unknown
—
—
7mo ago
CKAN vulnerable to stored XSS in resource description
python
CVE-2025-24372
unknown
—
—
1y ago
CKAN has an XSS vector in user uploaded images in group/org and user profiles
python
CVE-2024-43371
unknown
—
—
2y ago
Potential access to sensitive URLs via CKAN extensions (SSRF)
python
CVE-2024-41675
unknown
—
—
2y ago
CKAN has Cross-site Scripting vector in the Datatables view plugin
python
CVE-2024-41674
unknown
—
—
2y ago
CKAN may leak Solr credentials via error message in package_search action
python
CVE-2024-27097
unknown
—
—
2y ago
Potential log injection in reset user endpoint in CKAN
python
CVE-2023-50248
unknown
—
—
3y ago
Out of memory error when submitting the dataset form with a specially-crafted field
python
CVE-2023-32321
unknown
—
—
3y ago
CKAN remote code execution and private information access via crafted resource ids
python
CVE-2022-43685
unknown
—
—
4y ago
CKAN through 2.9.6 account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account including superuser accoun…
python
CVE-2021-25967
unknown
—
—
5y ago
In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in t…
python