| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-26010 | Leaky JWTs in OpenMetadata exposing highly-privileged bot users | open-metadata | OpenMetadata | - | - | 2026-02-11 21:05:39 | Deep Dive |
| CVE-2026-22244 | OpenMetadata Server-Side Template Injection (SSTI) in FreeMarker email templates that leads to RCE | open-metadata | OpenMetadata | 中危 | - | 2026-01-08 15:12:51 | Deep Dive |
| CVE-2024-28848 | SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` in OpenMetadata | open-metadata | OpenMetadata | High | 8.8 | 2024-03-15 19:55:47 | Deep Dive |
| CVE-2024-28255 | Authentication Bypass in OpenMetadata | open-metadata | OpenMetadata | Critical | 9.8 | 2024-03-15 19:55:45 | Deep Dive |
| CVE-2024-28847 | SpEL Injection in `PUT /api/v1/events/subscriptions` in OpenMetadata | open-metadata | OpenMetadata | High | 8.8 | 2024-03-15 19:55:43 | Deep Dive |
| CVE-2024-28254 | SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata | open-metadata | OpenMetadata | High | 8.8 | 2024-03-15 19:55:42 | Deep Dive |
| CVE-2024-28253 | SpEL Injection in `PUT /api/v1/policies` in OpenMetadata | open-metadata | OpenMetadata | Critical | 9.4 | 2024-03-15 19:55:40 | Deep Dive |