EUVD-2024-54430

Malicious code in bioql PyPI...

EUVD-2025-24003

Malicious code in bioql PyPI...

EUVD-2025-24004

Malicious code in bioql PyPI...

EUVD-2025-24002

Malicious code in bioql PyPI...

CVE-2025-50468

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...

CVE-2025-50466

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query...

CVE-2025-50467

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query...

org.open-metadata:openmetadata-dist (>=1.0.0 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +1 more potentially affected by CVE-2025-50465 via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.4.4)

org.open-metadata:openmetadata-service MAVEN version =1.0.0-alpha, =1.0.0, =1.12.0, =1.10.0, =1.13.0-snapshot Source cves: CVE-2025-50465 Source advisory: SNYK:JAVA-ORGOPENMETADATA-12009019...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the listCount function in the TestDefinitionDAO interface when the testPlatform parameter is used to construct a SQL query. An attacker can extract sensitive information from the database by injecting crafted input int...

org.open-metadata:openmetadata-dist (>=1.0.0 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +1 more potentially affected by CVE-2025-50467 via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.4.4)

org.open-metadata:openmetadata-service MAVEN version =1.0.0-alpha, =1.0.0, =1.12.0, =1.10.0, =1.13.0-snapshot Source cves: CVE-2025-50467 Source advisory: SNYK:JAVA-ORGOPENMETADATA-12009018...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the listCount function in the DocStoreDAO interface when the entityType parameter is used to construct a SQL query. An attacker can extract sensitive information from the database by injecting crafted input into the...

org.open-metadata:openmetadata-dist (>=1.0.0 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +1 more potentially affected by CVE-2025-50468 via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.4.4)

org.open-metadata:openmetadata-service MAVEN version =1.0.0-alpha, =1.0.0, =1.12.0, =1.10.0, =1.13.0-snapshot Source cves: CVE-2025-50468 Source advisory: SNYK:JAVA-ORGOPENMETADATA-11959222...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the listCount function in the TestDefinitionDAO interface when the entityType parameter is used to construct an SQL query. A low-privileged attacker can extract sensitive information from the database by supplying...

org.open-metadata:openmetadata-dist (>=1.0.0 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +1 more potentially affected by CVE-2025-50466 via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.4.4)

org.open-metadata:openmetadata-service MAVEN version =1.0.0-alpha, =1.0.0, =1.12.0, =1.10.0, =1.13.0-snapshot Source cves: CVE-2025-50466 Source advisory: SNYK:JAVA-ORGOPENMETADATA-12009017...

CVE-2025-50467

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query...

CVE-2025-50468

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...

CVE-2025-50468

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...

CVE-2025-50467

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query...

CVE-2025-50466

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query...

CVE-2025-50465

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query...