Lucene search
K

359 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-252 acryl-datahub missing JWT signature check

Missing JWT signature check GHSL-2022-078 The StatelessTokenService of the DataHub metadata service GMS does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because...

9.9CVSS7.3AI score0.00851EPSS
Exploits1References9
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.5 views

GHSA-VQ2F-VCC9-J8MV vulnerabilities

Vulnerabilities for packages: datahub-ingestion...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.13 views

GHSA-3J69-69WJ-XQX2 vulnerabilities

Vulnerabilities for packages: openstack-glance-2026.1-fips, openstack-horizon-2025.2-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.1, openstack-placement-2025.2-fips, openstack-placement-2025.2, openstack-horizon-2026.1-fips, openstack-keystone-2026.1, openstack-glance-2025.1,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.10 views

CVE-2026-55865 vulnerabilities

Vulnerabilities for packages: datahub-ingestion...

7.1CVSS5.8AI score0.00451EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.8 views

CVE-2026-54911 vulnerabilities

Vulnerabilities for packages: openstack-glance-2026.1-fips, openstack-horizon-2025.2-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.1, openstack-placement-2025.2-fips, openstack-placement-2025.2, openstack-horizon-2026.1-fips, openstack-keystone-2026.1, openstack-glance-2025.1,...

6.5CVSS6.1AI score0.00272EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.13 views

CVE-2026-44501

DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...

7.1CVSS5.5AI score0.00139EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/06/01 9:16 a.m.10 views

acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.7.0.1rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +464 more potentially affected by CVE-2026-42360 via apache-airflow-task-sdk (>=1.0.0 <=1.2.2)

apache-airflow-task-sdk PYPI version =1.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-42360 Source advisory: SNYK:PYTHON-APACHEAIRFLOWTASKSDK-17131176...

6.5CVSS5.7AI score0.00335EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/01 9:16 a.m.8 views

acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.7.0.1rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +464 more potentially affected by CVE-2026-42360 via apache-airflow-core (>=3.0.0 <=3.2.2)

apache-airflow-core PYPI version =3.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-42360 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17131177...

6.5CVSS5.7AI score0.00335EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/01 8:16 a.m.8 views

acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.7.0.1rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +464 more potentially affected by CVE-2026-45192 via apache-airflow-core (>=3.0.0 <=3.2.2)

apache-airflow-core PYPI version =3.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-45192 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17132595...

6.5CVSS5.7AI score0.0041EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/14 7:17 p.m.23 views

CVE-2026-45017 vulnerabilities

Vulnerabilities for packages: datahub-ingestion, datahub-ingestion-fips...

8.2CVSS6.1AI score0.00335EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/14 7:17 p.m.11 views

GHSA-8P4X-WR7X-3788 vulnerabilities

Vulnerabilities for packages: datahub-ingestion, datahub-ingestion-fips...

6.1AI score
Exploits0
NVD
NVD
added 2026/05/14 4:16 p.m.13 views

CVE-2026-44501

DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...

7.1CVSS0.00139EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 3:41 p.m.12 views

CVE-2026-44501 DataHub OIDC REDIRECT_URL Cookie Deserialization Vulnerability

DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...

4.3CVSS5.8AI score0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 3:41 p.m.41 views

CVE-2026-44501 DataHub OIDC REDIRECT_URL Cookie Deserialization Vulnerability

DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...

4.3CVSS0.00139EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 3:41 p.m.9 views

EUVD-2026-30321

DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...

4.3CVSS5.8AI score0.00139EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:41 p.m.9 views

CVE-2026-44501

DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...

4.3CVSS5.8AI score0.00139EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/14 3:41 p.m.14 views

CVE-2026-44501

DataHub frontend (datahub-frontend-react) prior to 1.5.0.3 deserializes attacker-controlled Java objects from the REDIRECT_URL cookie during the OIDC callback (GET /callback/oidc) with no integrity protection. This CWE-502 Deserialization of Untrusted Data vulnerability requires a valid user acco...

7.1CVSS5.8AI score0.00139EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-40949

DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECT URL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization ...

4.3CVSS5.8AI score0.00139EPSS
Exploits0References2
Chainguard
Chainguard
added 2026/05/13 7:17 p.m.15 views

CVE-2026-44243 vulnerabilities

Vulnerabilities for packages: datahub-ingestion-fips, awx...

8.8CVSS7AI score0.00419EPSS
Exploits1
Chainguard
Chainguard
added 2026/05/13 7:17 p.m.14 views

CVE-2026-42557 vulnerabilities

Vulnerabilities for packages: datahub-ingestion-fips...

9.6CVSS5.8AI score0.00386EPSS
Exploits0
Rows per page
Query Builder