EUVD-2025-24003
Malicious code in bioql PyPI...
EUVD-2025-24004
Malicious code in bioql PyPI...
CVE-2025-50466
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query...
CVE-2025-50465
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query...
CVE-2025-50468
CVE-2025-50468 affects OpenMetadata
CVE-2025-50465
OpenMetadata
CVE-2025-50468
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...
PT-2025-32377 · Unknown · Openmetadata
Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.4.4 Description: OpenMetadata is susceptible to a SQL injection issue. An attacker can extract information from the database through the listCount function within the TestDefinitionDAO interface. The entityTyp...
CVE-2024-55238
OpenMetadata
CVE-2024-55238
OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query...
PT-2025-17195 · Unknown · Openmetadata
Name of the Vulnerable Software and Affected Versions: OpenMetadata versions 1.4.1 and earlier Description: The issue allows an attacker to extract information from the database. This is achieved through the listCount function in the WorkflowDAO interface, where the workflowtype and status...
CVE-2024-28848
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The CompiledRule::validateExpression method evaluates an SpEL expression using a StandardEvaluationContext, allowing the...
CVE-2024-28253
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...
OpenMetadata 1.2.3 Authentication Bypass / SpEL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMetadata authentication bypass and SpEL injection exploit chain', 'Description' = %q OpenMetadata is a unified platform for discovery,...
VulnCheck KEV: CVE-2024-28254
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the...
EUVD-2024-1162
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, AlertUtil::validateExpression is also called from EventSubscriptionRepository.prepare,...