All known vulnerabilities
CRITICAL 9.8 | CVE-2023-32321 | Ckan remote code execution and private information access via crafted resource ids | from 0, < 2.9.9
HIGH 8.8 | CVE-2022-43685 | CKAN contains Improper Authentication leading to account takeover | from 0, < 2.9.7
HIGH 7.3 | CVE-2025-24372 | CKAN has an XSS vector in user uploaded images in group/org and user profiles | from 0, < 2.10.7
MEDIUM 6.8 | CVE-2024-41675 | CKAN has Cross-site Scripting vector in the Datatables view plugin | >= 2.7.0, < 2.10.5
MEDIUM 6.3 | CVE-2025-54384 | CKAN vulnerable to stored XSS in resource description | >= 2.11.0, < 2.11.4
MEDIUM 6.1 | CVE-2026-41255 | CKAN has CSRF exemption primed by anonymous requests | >= 2.10.0, < 2.10.10
>= 2.10.0, < 2.10.9
>= 2.9.0, < 2.10.0
>= 2.9.0, < 2.9.4
MEDIUM 5.3 | CVE-2024-41674 | CKAN may leak Solr credentials via error message in package_search action | >= 2.0.0, < 2.10.5
MEDIUM 4.5 | CVE-2024-43371 | Potential access to sensitive URLs via CKAN extensions (SSRF) | from 0, < 2.10.5
MEDIUM 4.5 | CVE-2023-50248 | Out of memory error when submitting the dataset form with a specially-crafted field | >= 2.0, < 2.9.10
MEDIUM 4.3 | CVE-2024-27097 | Potential log injection in reset user endpoint in CKAN | from 0, < 2.9.11
— | CVE-2026-42032 | CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql` | from 0, < 2.10.10
— | CVE-2026-42031 | CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql` | from 0, < 2.10.10
>= 2.11.0, < 2.11.5