Vulnerability Platform

Associated Vulnerability

CVE ID	Title	Vendor	Product	Severity	CVSS Score	Published At	AI Analysis
CVE-2026-33725	Metabase vulnerable to RCE and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import	metabase	metabase	High	7.2	2026-03-27 00:19:39	Deep Dive
CVE-2026-27464	Metabase: Server-Side Template Injection via Notifications Endpoint Leads to RCE	metabase	metabase	High	7.7	2026-02-21 07:57:51	Deep Dive
CVE-2026-22805	Metabase channel test endpoint can reach internal local addresses	metabase	metabase	-	-	2026-01-12 22:36:35	Deep Dive
CVE-2025-5895	Metabase dom.js parseDataUri redos	-	Metabase	Medium	4.3	2025-06-09 20:00:19	Deep Dive
CVE-2025-32382	Snowflake credentials logged by the Metabase backend	metabase	metabase	-	-	2025-04-10 14:40:54	Deep Dive
CVE-2025-30371	Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint	metabase	metabase	中危	-	2025-03-28 14:47:37	Deep Dive
CVE-2025-27141	Metabase Enterprise Edition allows cached questions to leak data to impersonated users	metabase	metabase	中危	-	2025-02-24 22:05:14	Deep Dive
CVE-2024-55951	Metabase sandboxed users could see filter values from other sandboxed users	metabase	metabase	中危	-	2024-12-16 20:03:55	Deep Dive
CVE-2023-37470	Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint	metabase	metabase	Critical	10.0	2023-08-04 15:12:43	Deep Dive
CVE-2023-32680	Missing SQL permissions check in metabase	metabase	metabase	Medium	5.8	2023-05-18 22:55:31	Deep Dive
CVE-2023-23629	Metabase subject to Improper Privilege Management	metabase	metabase	Medium	6.3	2023-01-28 01:23:33	Deep Dive
CVE-2023-23628	Metabase subject to Exposure of Sensitive Information to an Unauthorized Actor	metabase	metabase	Medium	5.7	2023-01-28 01:11:17	Deep Dive
CVE-2022-43776	Metabase 代码问题漏洞	-	Metabase	中危	-	2022-10-26 00:00:00	Deep Dive
CVE-2022-39362	Metabase vulnerable to arbitrary SQL execution from queryhash	metabase	metabase	High	8.8	2022-10-26 00:00:00	Deep Dive
CVE-2022-39361	Metabase vulnerable to Remote Code Execution via H2	metabase	metabase	High	8.8	2022-10-26 00:00:00	Deep Dive
CVE-2022-39360	Metabase SSO users able to circumvent IdP login by doing password reset	metabase	metabase	Medium	6.5	2022-10-26 00:00:00	Deep Dive
CVE-2022-39359	Metabase's GeoJSON validation doesn't prevent redirects to blocked URLs	metabase	metabase	Medium	6.5	2022-10-26 00:00:00	Deep Dive
CVE-2022-39358	Metabase vulnerable to circumvention of Locked parameter in Signed Embedding	metabase	metabase	Medium	6.5	2022-10-26 00:00:00	Deep Dive
CVE-2022-24853	File system exposure in Metabase	metabase	metabase	Medium	5.9	2022-04-14 21:45:16	Deep Dive
CVE-2022-24854	Database bypassing any permissions in Metabase via SQlite attach	metabase	metabase	High	8.0	2022-04-14 21:40:11	Deep Dive

Support Us — Your donation helps us keep running

Associated Vulnerability