
10 matches found

Veracode
added 2025/11/07 7:51 a.m. · 3 views

SQL Injection

org.open-metadata, openmetadata-service is vulnerable to SQL Injection. The vulnerability is due to improper handling of the supportedDataTypeParam parameter in TestDefinitionDAO.listCount due to concatenating untrusted input into an SQL query, allowing attackers to supply crafted...

CVSS 6.5 · AI score 7.6 · EPSS 0.00185
Exploits: 0 · References: 2 · Affected Software: 1
Veracode
added 2025/11/07 7:33 a.m. · 2 views

SQL Injection

org.open-metadata, openmetadata-service is vulnerable to SQL Injection. The vulnerability is due to improper handling of the entityType parameter in DocStoreDAO.listCount allowing attackers to supply crafted entityType values that modify the query and extract arbitrary data from the database...

CVSS 6.5 · AI score 7.7 · EPSS 0.00208
Exploits: 1 · References: 2 · Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-24003

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 6.5 · EPSS 0.00215
Exploits: 1 · References: 3
RedhatCVE
added 2025/08/10 12:15 a.m. · 4 views

CVE-2025-50468

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...

CVSS 6.5 · AI score 6.9 · EPSS 0.00208
Exploits: 1 · References: 1
Snyk
added 2025/08/08 5:41 p.m. · 3 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the listCount function in the TestDefinitionDAO interface when the testPlatform parameter is used to construct a SQL query. An attacker can extract sensitive information from the database by injecting crafted input int...

CVSS 8.8 · AI score 7.6 · EPSS 0.00167
Exploits: 0 · References: 2
Snyk
added 2025/08/08 5:40 p.m. · 3 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the listCount function in the DocStoreDAO interface when the entityType parameter is used to construct a SQL query. An attacker can extract sensitive information from the database by injecting crafted input into the...

CVSS 8.3 · AI score 7.6 · EPSS 0.00208
Exploits: 1 · References: 2
OSV
added 2025/08/08 5:15 p.m. · 3 views

CVE-2025-50468

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...

CVSS 6.5 · AI score 7.2
Exploits: 0 · References: 3
OSV
added 2025/08/08 5:15 p.m. · 3 views

CVE-2025-50467

OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query...

CVSS 6.5 · AI score 7.2
Exploits: 0 · References: 3
Positive Technologies
added 2025/08/08 12:0 a.m. · 4 views

PT-2025-32371 · Unknown · Openmetadata

Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.4.4
Description: OpenMetadata is susceptible to a SQL injection issue. An attacker can extract information from the database via the listCount function within the TestDefinitionDAO interface. The...

CVSS 6.5 · AI score 7.4 · EPSS 0.00185
Exploits: 0 · References: 9
OSV
added 2025/04/17 6:31 p.m. · 1 views

GHSA-X8PM-WRG2-MQMX OpenMetadata SQL Injection

OpenMetadata =1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query...

CVSS 7.1 · AI score 5.9 · EPSS 0.00181
Exploits: 1 · References: 6