
ckan — Vulnerabilities & Security Advisories (16)

Browse all 16 CVE security advisories affecting ckan. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CKAN is an open-source data management system used mainly for government and organizational open-data portals. Its published advisories include remote code execution via crafted resource IDs (CVE-2023-32321, CVSS 9.8), unauthenticated SQL injection and authorization bypass in the `datastore_search_sql` action (CVE-2026-42031, CVE-2026-42032), several stored cross-site scripting vectors, session cookie fixation, SSRF through extensions, and credential leakage in error messages; most stem from missing input validation or access-control checks. The plugin architecture and shipped defaults have also contributed: CVE-2023-22746 arises from a session secret shared across instances built from the Docker images. No major public incident has been widely documented, but the 16 recorded CVEs show ongoing concern, particularly around authentication, authorization and session handling. Organizations running CKAN should keep instances patched, harden configuration (unique per-instance secrets, TLS for outbound connections such as SMTP, the raw-SQL datastore endpoint disabled unless required), and vet extensions before deploying them.
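A configuration audit that follows from the recommendations above, written as an added example for this page rather than code from the CKAN project. It reads the `[app:main]` section of several CKAN `.ini` files and flags the settings tied to advisory classes in the list below: the raw-SQL datastore action behind the two 2026 `datastore_search_sql` advisories, weak or missing session secrets, a session secret reused across instances (the defect class of CVE-2023-22746), and SMTP credentials sent without STARTTLS. Assumptions: the key names `ckan.datastore.sqlsearch.enabled`, `beaker.session.secret`, `SECRET_KEY`, `smtp.user` and `smtp.starttls` are taken from CKAN's documented configuration; the 32-character minimum is a local policy, not a CKAN requirement; the three ini texts are constructed sample input, not real deployments.

```python
"""Fleet audit of CKAN ini files for settings tied to listed advisory classes.

Added example, not CKAN project code. Key names are assumed from CKAN's
documented configuration; sample ini texts below are constructed. Patch level
is not checked: the RCE (CVE-2023-32321) and the 2026 datastore_search_sql
issues need upgrades, not configuration changes.
"""
import configparser
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "instance issue detail")

TRUE_VALUES = {"true", "yes", "on", "1"}
MIN_SECRET_LEN = 32  # assumed local policy, not a CKAN requirement


def load_app_main(ini_text):
    """Return the [app:main] section of a CKAN ini as a dict, keys case-preserved."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep SECRET_KEY distinct from secret_key
    cp.read_string(ini_text)
    return dict(cp["app:main"]) if cp.has_section("app:main") else {}


def is_true(value):
    return (value or "").strip().lower() in TRUE_VALUES


def session_secret(cfg):
    """CKAN 2.10+ reads SECRET_KEY; older releases read beaker.session.secret."""
    return (cfg.get("SECRET_KEY") or cfg.get("beaker.session.secret") or "").strip()


def audit_instance(name, cfg):
    """Per-instance checks; each finding names the setting and the advisory it relates to."""
    findings = []
    if is_true(cfg.get("ckan.datastore.sqlsearch.enabled")):
        findings.append(Finding(name, "datastore_search_sql exposed",
            "ckan.datastore.sqlsearch.enabled=true: the raw-SQL action behind "
            "CVE-2026-42031/CVE-2026-42032 is reachable; disable unless required and patch"))
    secret = session_secret(cfg)
    if not secret:
        findings.append(Finding(name, "no session secret configured",
            "set a unique SECRET_KEY (beaker.session.secret on older releases)"))
    elif len(secret) < MIN_SECRET_LEN:
        findings.append(Finding(name, "weak session secret",
            f"{len(secret)} chars, below the assumed {MIN_SECRET_LEN}-char minimum"))
    if cfg.get("smtp.user") and not is_true(cfg.get("smtp.starttls")):
        findings.append(Finding(name, "SMTP credentials sent without STARTTLS",
            "smtp.user is set but smtp.starttls is off; certificate validation "
            "(CVE-2026-41132) is a code fix and needs an upgrade regardless"))
    return findings


def audit_fleet(instances):
    """Audit each instance, then flag any session secret that repeats across instances
    (the CVE-2023-22746 pattern: Docker-built instances sharing one secret)."""
    findings, owners = [], defaultdict(list)
    for name, ini_text in instances.items():
        cfg = load_app_main(ini_text)
        findings.extend(audit_instance(name, cfg))
        if session_secret(cfg):
            owners[session_secret(cfg)].append(name)
    for names in owners.values():
        if len(names) > 1:
            findings.append(Finding("fleet", "session secret shared across instances",
                ", ".join(names) + " use the same secret; a cookie forged for one is valid on all"))
    return findings


# Constructed sample input: two instances cloned from one image, one hardened instance.
SAMPLE_INSTANCES = {
    "portal-a": """[app:main]
ckan.site_url = https://portal-a.example.org
ckan.datastore.sqlsearch.enabled = true
beaker.session.secret = change-me-in-production-0000
smtp.server = mail.example.org:587
smtp.user = ckan
smtp.password = hunter2
smtp.starttls = false
""",
    "portal-b": """[app:main]
ckan.site_url = https://portal-b.example.org
beaker.session.secret = change-me-in-production-0000
""",
    "portal-c": """[app:main]
ckan.site_url = https://portal-c.example.org
SECRET_KEY = 9f1c0d3e5b7a8c2d4e6f0a1b3c5d7e9f1a2b3c4d5e6f7a8b
ckan.datastore.sqlsearch.enabled = false
smtp.server = mail.example.org:587
smtp.user = ckan
smtp.starttls = true
""",
}

if __name__ == "__main__":
    for f in audit_fleet(SAMPLE_INSTANCES):
        print(f"[{f.instance}] {f.issue}: {f.detail}")
```

On the sample input the hardened instance produces no findings, the two cloned instances are each flagged for a short secret and additionally for sharing it, and only the first is flagged for the exposed SQL action and cleartext SMTP login. Point `audit_fleet` at the real ini files of a fleet to get the same per-instance and cross-instance view; version and patch status still have to be checked separately.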

Showing 15 of 16 results.
Top products by ckan: ckan, ckan-docker-base
CVE ID         | Title                                                                                      | Product | CWE     | CVSS | Severity | Published
---------------|--------------------------------------------------------------------------------------------|---------|---------|------|----------|-----------
CVE-2026-42032 | CKAN: Unauthenticated Authorization Bypass in `datastore_search_sql`                       | ckan    | CWE-863 | --   | --       | 2026-05-13
CVE-2026-41255 | CKAN: CSRF exemption primed by anonymous requests                                          | ckan    | CWE-352 | 6.1  | Medium   | 2026-05-13
CVE-2026-41132 | CKAN: No certificate validation on SMTP connection                                         | ckan    | CWE-295 | --   | --       | 2026-05-13
CVE-2026-42031 | CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`     | ckan    | CWE-89  | --   | --       | 2026-05-13
CVE-2025-64100 | CKAN Vulnerable to Session Cookie Fixation                                                 | ckan    | CWE-384 | 6.1  | Medium   | 2025-10-29
CVE-2025-54384 | CKAN stored XSS vulnerability in Markdown description fields                               | ckan    | CWE-79  | 6.3  | Medium   | 2025-10-29
CVE-2025-24372 | XSS vector in user uploaded images in group/org and user profiles in ckan                  | ckan    | CWE-79  | 7.3  | High     | 2025-02-05
CVE-2024-43371 | Potential access to sensitive URLs via CKAN extensions (SSRF)                              | ckan    | CWE-918 | 4.5  | Medium   | 2024-08-21
CVE-2024-41675 | CKAN has a Cross-site Scripting vector in the Datatables view plugin                       | ckan    | CWE-79  | 6.8  | Medium   | 2024-08-21
CVE-2024-41674 | CKAN may leak Solr credentials via error message in package_search action                  | ckan    | CWE-209 | 5.3  | Medium   | 2024-08-21
CVE-2024-27097 | Potential log injection in reset user endpoint in ckan                                     | ckan    | CWE-532 | 4.3  | Medium   | 2024-03-13
CVE-2023-50248 | CKAN out of memory error when submitting the dataset form with a specially-crafted field   | ckan    | CWE-130 | 4.5  | Medium   | 2023-12-13
CVE-2023-32321 | CKAN remote code execution and private information access via crafted resource ids        | ckan    | CWE-20  | 9.8  | Critical | 2023-05-26
CVE-2023-22746 | CKAN is vulnerable to session secret shared across instances using Docker images           | ckan    | CWE-344 | 8.6  | High     | 2023-02-03
CVE-2021-25967 | CKAN - Stored Cross-Site Scripting (XSS) via SVG File Upload                               | ckan    | CWE-79  | 5.4  | Medium   | 2021-12-01

Entries showing "--" for CVSS and Severity had no score assigned at the time of listing; the unscored `datastore_search_sql` advisories (CWE-89, CWE-863) are unauthenticated and should be triaged by class rather than deferred for lack of a score.

This page lists every published CVE security advisory associated with ckan. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.