Severity | Score | CVE | Advisory | Affected versions
CRITICAL | 9.8 | CVE-2023-32321 | CKAN remote code execution and private information access via crafted resource ids | from 0, < 2.9.9
HIGH | 8.8 | CVE-2022-43685 | CKAN contains Improper Authentication leading to account takeover | from 0, < 2.9.7
HIGH | 7.3 | (no CVE listed) | CKAN has an XSS vector in user uploaded images in group/org and user profiles | from 0, < 2.10.7
MEDIUM | 6.8 | (no CVE listed) | CKAN has Cross-site Scripting vector in the Datatables view plugin | >= 2.7.0, < 2.10.5
MEDIUM | 6.3 | (no CVE listed) | CKAN vulnerable to stored XSS in resource description | >= 2.11.0, < 2.11.4
MEDIUM | 6.1 | (no CVE listed) | CKAN has CSRF exemption primed by anonymous requests | >= 2.10.0, < 2.10.10
MEDIUM | 6.1 | (no CVE listed) | CKAN vulnerable to fixed session IDs | >= 2.10.0, < 2.10.9
MEDIUM | 5.4 | (no CVE listed) | Cross-site Scripting in CKAN | >= 2.9.0, < 2.10.0
MEDIUM | 5.4 | (no CVE listed) | Cross-site Scripting in CKAN | >= 2.9.0, < 2.9.4
MEDIUM | 5.3 | (no CVE listed) | CKAN may leak Solr credentials via error message in package_search action | >= 2.0.0, < 2.10.5
MEDIUM | 4.5 | (no CVE listed) | Potential access to sensitive URLs via CKAN extensions (SSRF) | from 0, < 2.10.5
MEDIUM | 4.5 | (no CVE listed) | Out of memory error when submitting the dataset form with a specially-crafted field | >= 2.0, < 2.9.10
MEDIUM | 4.3 | (no CVE listed) | Potential log injection in reset user endpoint in CKAN | from 0, < 2.9.11
(unscored) | — | (no CVE listed) | CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql` | from 0, < 2.10.10
(unscored) | — | (no CVE listed) | CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql` | from 0, < 2.10.10
(unscored) | — | (no CVE listed) | CKAN has no certificate validation on SMTP connection | >= 2.11.0, < 2.11.5