17 matches found
EUVD-2018-12726
Malware in sbrugna...
EUVD-2024-0538
Malicious code in bioql PyPI...
EUVD-2024-2977
Malicious code in bioql PyPI...
EUVD-2023-2577
Malicious code in bioql PyPI...
EUVD-2023-2337
Malicious code in bioql PyPI...
EUVD-2024-3105
Malicious code in bioql PyPI...
CVE-2023-37476
OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of...
CVE-2023-41886
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue...
CVE-2023-41887
OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue...
CVE-2019-3580
OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file...
CVE-2024-47880
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page th...
CVE-2024-23833
OpenRefine is a free, open source power tool for working with messy data and improving it. A JDBC attack vulnerability exists in OpenRefine version=3.7.7 where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest...
Path Traversal
org.openrefine, openrefine is vulnerable to path traversal. The vulnerability is due to the load-language command not verifying the resulting path for localization files, allowing exploitation to read arbitrary JSON files on the file system...
Arbitrary Code Execution
org.openrefine, database is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper configuration in the database extension of OpenRefine, specifically the enableloadextension property that permits loading local or remote extension DLLs...
Cross-Site Scripting (XSS)
org.openrefine, openrefine is vulnerable to a reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability is due to the export-rows command reflecting parts of the user request verbatim, including the Content-Type header. It allows an attacker to manipulate the response and inject malicio...
UBUNTU-CVE-2024-47882
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an...
OpenRefine Cross-Site Scripting Vulnerability
OpenRefine is a Java-based open source tool from OpenRefine Open Source. The product is mainly used for loading data, analyzing data and cleaning data, etc. A cross-site scripting vulnerability exists in OpenRefine prior to version 3.8.3, which stems from a cross-site scripting attack that can be...