358 matches found
CVE-2026-54911 vulnerabilities
Vulnerabilities for packages: openstack-horizon-2025.2-fips, datahub-ingestion, openstack-keystone-2025.2-fips, openstack-keystone-2026.1-fips, openstack-placement-2025.2, openstack-placement-2025.1-fips, openstack-placement-2025.2-fips, openstack-horizon-2025.1, openstack-glance-2025.1-fips,...
GHSA-3J69-69WJ-XQX2 vulnerabilities
Vulnerabilities for packages: openstack-horizon-2025.2-fips, datahub-ingestion, openstack-keystone-2025.2-fips, openstack-keystone-2026.1-fips, openstack-placement-2025.2, openstack-placement-2025.1-fips, openstack-placement-2025.2-fips, openstack-horizon-2025.1, openstack-glance-2025.1-fips,...
GHSA-VQ2F-VCC9-J8MV vulnerabilities
Vulnerabilities for packages: datahub-ingestion...
CVE-2026-55865 vulnerabilities
Vulnerabilities for packages: datahub-ingestion...
CVE-2026-44501
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...
acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.6.0rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +446 more potentially affected by CVE-2026-42360 via apache-airflow-core (>=3.0.0 <=3.2.2)
apache-airflow-core PYPI version =3.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-42360 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17131177...
acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.6.0rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +446 more potentially affected by CVE-2026-42360 via apache-airflow-task-sdk (>=1.0.0 <=1.2.2)
apache-airflow-task-sdk PYPI version =1.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-42360 Source advisory: SNYK:PYTHON-APACHEAIRFLOWTASKSDK-17131176...
acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.6.0rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +446 more potentially affected by CVE-2026-45192 via apache-airflow-core (>=3.0.0 <=3.2.2)
apache-airflow-core PYPI version =3.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-45192 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17132595...
CVE-2026-45017 vulnerabilities
Vulnerabilities for packages: datahub-ingestion-fips, datahub-ingestion...
GHSA-8P4X-WR7X-3788 vulnerabilities
Vulnerabilities for packages: datahub-ingestion-fips, datahub-ingestion...
CVE-2026-44501
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...
CVE-2026-44501
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...
CVE-2026-44501 DataHub OIDC REDIRECT_URL Cookie Deserialization Vulnerability
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...
EUVD-2026-30321
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...
CVE-2026-44501 DataHub OIDC REDIRECT_URL Cookie Deserialization Vulnerability
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...
CVE-2026-44501
DataHub frontend (datahub-frontend-react) prior to 1.5.0.3 deserializes attacker-controlled Java objects from the REDIRECT_URL cookie during the OIDC callback (GET /callback/oidc) with no integrity protection. This CWE-502 Deserialization of Untrusted Data vulnerability requires a valid user acco...
PT-2026-40949
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECT URL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization ...
GHSA-MQCG-5X36-VFCG vulnerabilities
Vulnerabilities for packages: datahub-ingestion-fips...
GHSA-7545-FCXQ-7J24 vulnerabilities
Vulnerabilities for packages: awx, datahub-ingestion-fips...
CVE-2026-44243 vulnerabilities
Vulnerabilities for packages: awx, datahub-ingestion-fips...