359 matches found
PYSEC-2026-252 acryl-datahub missing JWT signature check
Missing JWT signature check GHSL-2022-078 The StatelessTokenService of the DataHub metadata service GMS does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because...
GHSA-VQ2F-VCC9-J8MV vulnerabilities
Vulnerabilities for packages: datahub-ingestion...
GHSA-3J69-69WJ-XQX2 vulnerabilities
Vulnerabilities for packages: openstack-glance-2026.1-fips, openstack-horizon-2025.2-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.1, openstack-placement-2025.2-fips, openstack-placement-2025.2, openstack-horizon-2026.1-fips, openstack-keystone-2026.1, openstack-glance-2025.1,...
CVE-2026-55865 vulnerabilities
Vulnerabilities for packages: datahub-ingestion...
CVE-2026-54911 vulnerabilities
Vulnerabilities for packages: openstack-glance-2026.1-fips, openstack-horizon-2025.2-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.1, openstack-placement-2025.2-fips, openstack-placement-2025.2, openstack-horizon-2026.1-fips, openstack-keystone-2026.1, openstack-glance-2025.1,...
CVE-2026-44501
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...
acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.7.0.1rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +464 more potentially affected by CVE-2026-42360 via apache-airflow-task-sdk (>=1.0.0 <=1.2.2)
apache-airflow-task-sdk PYPI version =1.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-42360 Source advisory: SNYK:PYTHON-APACHEAIRFLOWTASKSDK-17131176...
acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.7.0.1rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +464 more potentially affected by CVE-2026-42360 via apache-airflow-core (>=3.0.0 <=3.2.2)
apache-airflow-core PYPI version =3.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-42360 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17131177...
acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.7.0.1rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +464 more potentially affected by CVE-2026-45192 via apache-airflow-core (>=3.0.0 <=3.2.2)
apache-airflow-core PYPI version =3.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-45192 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17132595...
CVE-2026-45017 vulnerabilities
Vulnerabilities for packages: datahub-ingestion, datahub-ingestion-fips...
GHSA-8P4X-WR7X-3788 vulnerabilities
Vulnerabilities for packages: datahub-ingestion, datahub-ingestion-fips...
CVE-2026-44501
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...
CVE-2026-44501 DataHub OIDC REDIRECT_URL Cookie Deserialization Vulnerability
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...
CVE-2026-44501 DataHub OIDC REDIRECT_URL Cookie Deserialization Vulnerability
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...
EUVD-2026-30321
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...
CVE-2026-44501
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...
CVE-2026-44501
DataHub frontend (datahub-frontend-react) prior to 1.5.0.3 deserializes attacker-controlled Java objects from the REDIRECT_URL cookie during the OIDC callback (GET /callback/oidc) with no integrity protection. This CWE-502 Deserialization of Untrusted Data vulnerability requires a valid user acco...
PT-2026-40949
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECT URL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization ...
CVE-2026-44243 vulnerabilities
Vulnerabilities for packages: datahub-ingestion-fips, awx...
CVE-2026-42557 vulnerabilities
Vulnerabilities for packages: datahub-ingestion-fips...