Dataease — Vulnerabilities & Security Advisories (64)

All 64 CVE vulnerabilities found in Dataease, with AI-generated Chinese analysis, references, and POCs.

This page serves as a vulnerability aggregation resource for DataEase, covering various common weakness types and security tags associated with this open-source data visualization tool. It collects and indexes a comprehensive range of software vulnerabilities, including but not limited to cross-site scripting, authentication bypasses, and logic flaws, spanning from the product's initial release through to recent security advisories. Here, users can effectively track vendor advisories to stay informed about patch availability and security updates, gain a deeper understanding of specific weakness classes by analyzing recurring patterns in reported issues, and look up the product's vulnerability history to assess its long-term security posture and remediation trends. This structured approach allows security professionals and administrators to quickly identify known risks, evaluate the impact of disclosed flaws on their specific deployment environments, and prioritize mitigation efforts based on verified data rather than anecdotal evidence. By centralizing this information, the page simplifies the complex task of monitoring open-source software security, enabling teams to make informed decisions regarding updates and configurations without sifting through disparate sources.

Vendor: dataease

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-8724 | Dataease Data Dashboard SqlparserUtils.java SqlparserUtils.transFilter sql injection | CWE-89 | 4.7 | Medium | 2026-05-17 |
| CVE-2026-40901 | DataEase: Quartz Deserialization → Remote Code Execution | CWE-502 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-40900 | DataEase has SQL Injection via Stacked Queries | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-40899 | DataEase has an Arbitrary File Read Vulnerability | CWE-183 | 8.3 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33207 | DataEase SQL Injection Vulnerability | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-04-16 |
| CVE-2026-33122 | DataEase has SQL Injection via Datasource Management | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33121 | DataEase has SQL Injection via Datasource Save Flow | CWE-89 | 8.1 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33084 | DataEase has SQL Injection through its getFieldEnumObj Endpoint | CWE-89 | 7.5 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33083 | DataEase has SQL Injection in Order By Clause | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33082 | DataEase: SQL Injection in v2 Dataset Export | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-04-16 |
| CVE-2026-32939 | DataEase is Vulnerable to H2 JDBC RCE Bypass | CWE-178 | 9.1 | - | 2026-03-20 |
| CVE-2026-32140 | Dataease: Redshift JDBC RCE Bypass | CWE-22 | 8.0 (AI) | High (AI) | 2026-03-12 |
| CVE-2026-32139 | Dataease: Unfiltered active SVG content leads to Stored XSS | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-12 |
| CVE-2026-32137 | DataEase SQL Injection Vulnerability | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-03-12 |
| CVE-2026-23958 | DataEase Vulnerable to Brute-Force Attack on Admin JWT Secret Derived from Password that Enables Full Account Takeover | CWE-522 | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-64428 | DataEase DB2 JNDI Vulnerability | CWE-74 | 9.1 | - | 2025-11-20 |
| CVE-2025-64164 | DataEase is vulnerable to Oracle JNDI Injection | CWE-502 | 8.1 | - | 2025-11-06 |
| CVE-2025-64163 | DataEase's DB2 is vulnerable to SSRF | CWE-918 | 10.0 | - | 2025-11-05 |
| CVE-2025-62419 | DataEase vulnerable to JDBC URL injection in DB2 and MongoDB data source configuration | CWE-502 | 9.8 (AI) | Critical (AI) | 2025-10-17 |
| CVE-2025-62420 | DataEase vulnerable to remote code execution via H2 JDBC driver bypass | CWE-502 | 8.1 (AI) | High (AI) | 2025-10-17 |
| CVE-2025-62421 | DataEase vulnerable to stored cross-site scripting via file upload bypass | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-17 |
| CVE-2025-62422 | DataEase SQL injection vulnerability | CWE-89 | 9.8 (AI) | Critical (AI) | 2025-10-17 |
| CVE-2025-58748 | Dataease H2 data source JDBC URL validation bypass leads to remote code execution | CWE-502 | 9.8 (AI) | Critical (AI) | 2025-09-15 |
| CVE-2025-58046 | Dataease has a JDBC attack vulnerability in the Impala datasource | CWE-502 | 9.8 (AI) | Critical (AI) | 2025-09-15 |
| CVE-2025-58045 | Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter | CWE-918 | 9.8 (AI) | Critical (AI) | 2025-09-15 |
| CVE-2025-57772 | Dataease H2 JDBC RCE Bypass | CWE-94 | 9.1 (AI) | Critical (AI) | 2025-08-25 |
| CVE-2025-57773 | Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability | CWE-502 | 8.8 (AI) | High (AI) | 2025-08-25 |
| CVE-2025-53006 | Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability | CWE-153 | 9.1 (AI) | Critical (AI) | 2025-07-02 |
| CVE-2025-53005 | Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability | CWE-153 | 8.8 (AI) | High (AI) | 2025-07-01 |
| CVE-2025-53004 | Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability | CWE-153 | 8.8 (AI) | High (AI) | 2025-06-30 |