DataHub 代码问题漏洞

DataHub is a metadata platform for a modern data stack, open-sourced by the datahub-project. Versions of DataHub prior to 1.5.0.3 contained code-related vulnerabilities. These vulnerabilities stemmed from the DataHub frontend’s OIDC callback process, where it deserialized Java objects controlled ...

autopoc

AutoPoC Automated proof-of-concept deployments on OpenShift...

Security Bulletin: Multiple Vulnerabilities in IBM Data Product Hub

Summary Multiple vulnerabilities were addressed in IBM Data Product Hub version 5.3.1 Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content...

CVE-2026-25644

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8...

CVE-2022-0955

Cross-site Scripting XSS - Stored in GitHub repository pimcore/data-hub prior to 1.2.4...

EUVD-2019-1163

Malware in sbrugna...

EUVD-2020-27447

Malware in sbrugna...

EUVD-2022-1545

Malicious code in bioql PyPI...

A DHS Data Hub Exposed Sensitive Intel to Thousands of Unauthorized Users

A misconfigured platform used by the Department of Homeland Security left national security information—including some related to the surveillance of Americans—accessible to thousands of people...

CVE-2020-6297

Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential system configuration information, that should otherwise be restricted, leading to Information Disclosure...

CVE-2019-0390

Under certain conditions SAP Data Hub corrected in DHFoundation version 2 allows an attacker to access information which would otherwise be restricted. Connection details that are maintained in Connection Manager are visible to users...

abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1) +31 more potentially affected by CVE-2025-24023 via flask-appbuilder (>=4.1.2 <=4.5.2)

flask-appbuilder PYPI version =4.1.2, =0.10.5.2rc3, =0.2.1, =0.8.2, =0.3.1, =0.0.4, =0.0.1a0, =2.3.3, =1.0.0, =1.0.0rc1, =1.0.2, =1.0.0rc1, =1.8.1rc1 and more Source cves: CVE-2025-24023 Source advisory: SNYK:PYTHON-FLASKAPPBUILDER-9058045...

BIT-PIMCORE-2022-0955

Cross-site Scripting XSS - Stored in GitHub repository pimcore/data-hub prior to 1.2.4...

The vulnerabilities of microprogramming software in thermal scanning systems like FeverWarn ESP32, FeverWarn RaspberryPi, and the FeverWarn DataHub RaspberryPi system for centralized data storage and management, allowing intruders to enhance their privileges.

The vulnerabilities of the microprogramming software for thermal scanning systems—FeverWarn ESP32, FeverWarn RaspberryPi, and the centralized data storage and management system FeverWarn DataHub RaspberryPi—are related to deficiencies in access control during the processing of Wi-Fi interfaces...

USN-6493-2 hibagent update

USN-6493-1 fixed a vulnerability in hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: On Ubuntu 18.04 LTS and Ubuntu 16.04 LTS, the hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure...

USN-6493-1 hibagent update

On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, the hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended. In addition, on all releases, hibagent has been updated to do nothing if ODH is configured...

CVE-2023-32321

CKAN (open-source data management system) is affected by CVE-2023-32321 with multiple flaws in older CKAN releases up to 2.9.9/2.10.1. The issues include: (1) arbitrary file writes in resource_create and package_update via ResourceUploader, potentially reachable through package_create/revise/patc...

Cross-Site Scripting (XSS)

pimcore/data-hub is vulnerable to stored cross-site scripting. The vulnerability exists because the configuration values are not escaped properly which allows a malicious attacker to inject and execute arbitrary javascript...

CVE-2022-0955

Cross-site Scripting XSS - Stored in GitHub repository pimcore/data-hub prior to 1.2.4...

CVE-2022-0955

Cross-site Scripting XSS - Stored in GitHub repository pimcore/data-hub prior to 1.2.4...