18 matches found

Snyk
added 2026/05/21 4:36 p.m. | 5 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the TESTCONNECTION workflow for a Database Service. An attacker can obtain sensitive credentials and authentication tokens by triggering the workflow and inspecting the HTTP response...

CVSS 8.7 | AI score 5.8
Exploits: 0 | References: 2
vulnersOsv
added 2026/02/11 2:23 p.m. | 1 view

org.open-metadata:openmetadata-dist (>=1.0.0 <=1.11.13), org.open-metadata:openmetadata-mcp (>=1.10.0 <=1.11.13) potentially affected by CVE-2026-26010 via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.11.7)

org.open-metadata:openmetadata-service MAVEN version =1.0.0-alpha, =1.0.0, =1.10.0, =1.11.13 Source cves: CVE-2026-26010 Source advisory: SNYK:JAVA-ORGOPENMETADATA-15271046...

CVSS 7.6 | AI score 7 | EPSS 0.00018
Exploits: 1
Snyk
added 2026/02/11 2:23 p.m. | 1 view

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the api/v1/ingestionPipelines endpoint, which exposes JWT tokens used by privileged bot accounts in API responses. An attacker can gain unauthorized access to sensitive data and...

CVSS 7.6 | AI score 5.6 | EPSS 0.00018
Exploits: 1 | References: 2
vulnersOsv
added 2026/01/07 7:33 p.m. | 2 views

org.open-metadata:openmetadata-dist (>=1.0.0 <=1.11.13), org.open-metadata:openmetadata-mcp (>=1.10.0 <=1.11.13) potentially affected by unknown CVE via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.11.3)

org.open-metadata:openmetadata-service MAVEN version =1.0.0-alpha, =1.0.0, =1.10.0, =1.11.13 Source cves: unknown CVE Source advisory: SNYK:JAVA-ORGOPENMETADATA-14912636...

AI score 5.8
Exploits: 0
Veracode
added 2025/11/07 8:6 a.m. | 4 views

SQL Injection

org.open-metadata, openmetadata-service is vulnerable to SQL Injection. The vulnerability is due to improper handling of the entityType parameter in TestDefinitionDAO.listCount due to concatenating untrusted input into an SQL query, allowing attackers to supply crafted entityType values that modi...

CVSS 7.1 | AI score 7.6 | EPSS 0.00076
Exploits: 1 | References: 3 | Affected Software: 1
Veracode
added 2025/11/07 7:51 a.m. | 2 views

SQL Injection

org.open-metadata, openmetadata-service is vulnerable to SQL Injection. The vulnerability is due to improper handling of the supportedDataTypeParam parameter in TestDefinitionDAO.listCount due to concatenating untrusted input into an SQL query, allowing attackers to supply crafted...

CVSS 6.5 | AI score 7.6 | EPSS 0.00051
Exploits: 0 | References: 2 | Affected Software: 1
vulnersOsv
added 2025/08/08 5:41 p.m. | 2 views

org.open-metadata:openmetadata-dist (>=1.0.0 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +1 more potentially affected by CVE-2025-50465 via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.4.4)

org.open-metadata:openmetadata-service MAVEN version =1.0.0-alpha, =1.0.0, =1.12.0, =1.10.0, =1.13.0-snapshot Source cves: CVE-2025-50465 Source advisory: SNYK:JAVA-ORGOPENMETADATA-12009019...

CVSS 8.8 | AI score 5.8 | EPSS 0.00059
Exploits: 0
Snyk
added 2025/08/08 5:41 p.m. | 3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the listCount function in the TestDefinitionDAO interface when the testPlatform parameter is used to construct a SQL query. An attacker can extract sensitive information from the database by injecting crafted input int...

CVSS 8.8 | AI score 7.6 | EPSS 0.00059
Exploits: 0 | References: 2
vulnersOsv
added 2025/08/08 5:41 p.m. | 2 views

org.open-metadata:openmetadata-dist (>=1.0.0 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +1 more potentially affected by CVE-2025-50467 via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.4.4)

org.open-metadata:openmetadata-service MAVEN version =1.0.0-alpha, =1.0.0, =1.12.0, =1.10.0, =1.13.0-snapshot Source cves: CVE-2025-50467 Source advisory: SNYK:JAVA-ORGOPENMETADATA-12009018...

CVSS 6.5 | AI score 5.8 | EPSS 0.00051
Exploits: 0
Snyk
added 2025/08/08 5:40 p.m. | 1 view

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the listCount function in the DocStoreDAO interface when the entityType parameter is used to construct a SQL query. An attacker can extract sensitive information from the database by injecting crafted input into the...

CVSS 8.3 | AI score 7.6 | EPSS 0.00073
Exploits: 1 | References: 2
Snyk
added 2025/08/08 5:40 p.m. | 1 view

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the listCount function in the TestDefinitionDAO interface when the entityType parameter is used to construct an SQL query. A low-privileged attacker can extract sensitive information from the database by supplying...

CVSS 7.1 | AI score 7.7 | EPSS 0.00076
Exploits: 1 | References: 2
vulnersOsv
added 2025/08/08 5:40 p.m. | 3 views

org.open-metadata:openmetadata-dist (>=1.0.0 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +1 more potentially affected by CVE-2025-50468 via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.4.4)

org.open-metadata:openmetadata-service MAVEN version =1.0.0-alpha, =1.0.0, =1.12.0, =1.10.0, =1.13.0-snapshot Source cves: CVE-2025-50468 Source advisory: SNYK:JAVA-ORGOPENMETADATA-11959222...

CVSS 6.5 | AI score 5.8 | EPSS 0.00073
Exploits: 1
vulnersOsv
added 2025/08/08 5:40 p.m. | 1 view

org.open-metadata:openmetadata-dist (>=1.0.0 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +1 more potentially affected by CVE-2025-50466 via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.4.4)

org.open-metadata:openmetadata-service MAVEN version =1.0.0-alpha, =1.0.0, =1.12.0, =1.10.0, =1.13.0-snapshot Source cves: CVE-2025-50466 Source advisory: SNYK:JAVA-ORGOPENMETADATA-12009017...

CVSS 7.1 | AI score 5.8 | EPSS 0.00076
Exploits: 1
vulnersOsv
added 2025/04/17 6:31 p.m. | 2 views

org.open-metadata:openmetadata-dist (>=1.0.0 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +1 more potentially affected by CVE-2024-55238 via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.4.8)

org.open-metadata:openmetadata-service MAVEN version =1.0.0-alpha, =1.0.0, =1.12.0, =1.10.0, =1.13.0-snapshot Source cves: CVE-2024-55238 Source advisory: SNYK:JAVA-ORGOPENMETADATA-9833967...

CVSS 8.8 | AI score 5.8 | EPSS 0.00181
Exploits: 1
vulnersOsv
added 2025/04/17 6:31 p.m. | 2 views

org.open-metadata:openmetadata-dist (>=0.12.1 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +2 more potentially affected by CVE-2024-55238 via org.open-metadata:openmetadata-service (>=0.12.1 <=1.4.1)

org.open-metadata:openmetadata-service MAVEN version =0.12.1, =0.12.1, =1.12.0, =1.10.0, =1.13.0-snapshot - org.open-metadata:openmetadata-ui =0.12.1.preview Source cves: CVE-2024-55238 Source advisory: OSV:GHSA-X8PM-WRG2-MQMX...

CVSS 8.8 | AI score 5.8 | EPSS 0.00181
Exploits: 1
vulnersOsv
added 2024/04/24 5:6 p.m. | 2 views

org.open-metadata:openmetadata-dist (>=0.12.1 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +2 more potentially affected by CVE-2024-28848 via org.open-metadata:openmetadata-service (>=0.12.1 <=1.2.3)

org.open-metadata:openmetadata-service MAVEN version =0.12.1, =0.12.1, =1.12.0, =1.10.0, =1.13.0-snapshot - org.open-metadata:openmetadata-ui =0.12.1.preview Source cves: CVE-2024-28848 Source advisory: OSV:GHSA-5XV3-FM7G-865R...

CVSS 8.8 | AI score 7.4 | EPSS 0.7862
Exploits: 0
vulnersOsv
added 2024/04/24 5:6 p.m. | 1 view

org.open-metadata:openmetadata-dist (>=0.12.1 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +2 more potentially affected by CVE-2024-28847 via org.open-metadata:openmetadata-service (>=0.12.1 <=1.2.3)

org.open-metadata:openmetadata-service MAVEN version =0.12.1, =0.12.1, =1.12.0, =1.10.0, =1.13.0-snapshot - org.open-metadata:openmetadata-ui =0.12.1.preview Source cves: CVE-2024-28847 Source advisory: OSV:GHSA-8P5R-6MVV-2435...

CVSS 8.8 | AI score 7.4 | EPSS 0.12686
Exploits: 1
vulnersOsv
added 2024/04/23 9:11 p.m. | 1 view

org.open-metadata:openmetadata-dist (>=0.12.1 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +2 more potentially affected by CVE-2024-28253 via org.open-metadata:openmetadata-service (>=0.12.1 <=1.3.0)

org.open-metadata:openmetadata-service MAVEN version =0.12.1, =0.12.1, =1.12.0, =1.10.0, =1.13.0-snapshot - org.open-metadata:openmetadata-ui =0.12.1.preview Source cves: CVE-2024-28253 Source advisory: OSV:GHSA-7VF4-X5M2-R6GR...

CVSS 9.4 | AI score 7.4 | EPSS 0.92915
Exploits: 0