37 matches found
CVE-2026-50148
Metabase is an open-source business intelligence and embedded analytics tool. From 1.54.0 until 1.54.24, 1.55.24, 1.56.25, 1.57.19, 1.58.14, 1.59.10, and 1.60.4, a Metabase user with permission to add or edit a database connection can achieve remote code execution on the Metabase server by...
CVE-2026-50148
Metabase up to versions 1.60.4 is affected by CVE-2026-50148 due to a Snowflake JDBC driver flaw that allows an attacker who can configure a Snowflake connection to write arbitrary files on the Metabase host, potentially replacing a Metabase database driver file and achieving remote code executio...
CVE-2026-59826 Metabase: Arbitrary Code Execution via Database Connection Detail Bypass
Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on one database-creation code path, allowing an authenticated administrator to register a crafted H2...
CVE-2026-22805 Metabase channel test endpoint can reach internal local addresses
Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This vulnerability is fixed in 55.13, 56.3, and...
EUVD-2018-1507
Malware in sbrugna...
EUVD-2025-17571
Malicious code in bioql PyPI...
EUVD-2022-29633
Malicious code in bioql PyPI...
EUVD-2025-14803
Malicious code in bioql PyPI...
EUVD-2023-41366
Malicious code in bioql PyPI...
EUVD-2022-41828
Malicious code in bioql PyPI...
EUVD-2022-29634
Malicious code in bioql PyPI...
Metabase 0.40.x < 0.40.8 / 0.41.x < 0.41.7 / 0.42.x < 0.42.4 / 1.40.x < 1.40.8 / 1.41.x < 1.41.7 / 1.42.x < 1.42.4
The version of Metabase installed on the remote host is prior to 1.42.4. It is, therefore, affected by multiple vulnerabilities. - Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a...
Metabase 0.41.x < 0.41.9 / 0.42.x < 0.42.6 / 0.43.x < 0.43.7 / 0.44.x < 0.44.5 / 1.41.x < 1.41.9 / 1.42.x < 1.42.6 / 1.43.x < 1.43.7 / 1.44.x < 1.44.5
The version of Metabase installed on the remote host affected by a single sign on SSO access control vulnerability which could allow a user access without going through the SSO IdP. Metabase now blocks password reset for all users who use SSO for their Metabase login. Note that Nessus has not...
CVE-2025-5895 Metabase dom.js parseDataUri redos
A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...
CVE-2025-5895 Metabase dom.js parseDataUri redos
A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...
CVE-2025-5895
Summary of CVE-2025-5895 (Metabase) : Multiple sources describe a vulnerability in Metabase 54.10 affecting the function parseDataUri in frontend/src/metabase/lib/dom.js. The issue is described as inefficient regular-expression complexity (a redos-like condition) that can be triggered remotely. P...
CVE-2025-5895 Metabase dom.js parseDataUri redos
A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...
Metabase 安全漏洞
Metabase is an open source data analytics platform from the US-based Metabase, Inc. A security vulnerability exists in Metabase version 54.10, which stems from an inefficient regular expression complexity in the function parseDataUri...
CVE-2023-32680
Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that requirement. This lack of enforcement meant that:...
CVE-2023-38646
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2...