Dataease — Vulnerabilities & Security Advisories 64

All 64 CVE vulnerabilities found in Dataease, with AI-generated Chinese analysis, references, and POCs.

This page serves as a vulnerability aggregation resource for DataEase, covering various common weakness types and security tags associated with this open-source data visualization tool. It collects and indexes a comprehensive range of software vulnerabilities, including but not limited to cross-site scripting, authentication bypasses, and logic flaws, spanning from the product's initial release through to recent security advisories. Here, users can effectively track vendor advisories to stay informed about patch availability and security updates, gain a deeper understanding of specific weakness classes by analyzing recurring patterns in reported issues, and look up the product's vulnerability history to assess its long-term security posture and remediation trends. This structured approach allows security professionals and administrators to quickly identify known risks, evaluate the impact of disclosed flaws on their specific deployment environments, and prioritize mitigation efforts based on verified data rather than anecdotal evidence. By centralizing this information, the page simplifies the complex task of monitoring open-source software security, enabling teams to make informed decisions regarding updates and configurations without sifting through disparate sources.

Vendor: dataease

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-49003 | Dataease H2 JDBC Connection Remote Code Execution | CWE-153 | 9.8 (AI) | Critical (AI) | 2025-06-26 |
| CVE-2025-49002 | Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability | CWE-290 | 8.2 (AI) | High (AI) | 2025-06-03 |
| CVE-2025-49001 | Dataease Authentication Bypass Vulnerability | CWE-287 | 5.3 (AI) | Medium (AI) | 2025-06-03 |
| CVE-2025-48999 | Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability | CWE-923 | 7.5 (AI) | High (AI) | 2025-06-03 |
| CVE-2025-48998 | Dataease MYSQL JDBC File Reading Vulnerability | CWE-89 | 8.8 (AI) | High (AI) | 2025-06-03 |
| CVE-2025-46566 | Dataease redshift JDBC Connection Remote Code Execution | CWE-923 | 8.8 (AI) | High (AI) | 2025-05-01 |
| CVE-2025-32966 | Dataease H2 JDBC Connection Remote Code Execution | CWE-290 | 8.8 | - | 2025-04-23 |
| CVE-2025-27138 | DataEase has an improper authentication vulnerability | CWE-287 | 9.1 | - | 2025-03-13 |
| CVE-2025-27103 | Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability | CWE-89 | 8.8 | - | 2025-03-13 |
| CVE-2025-24974 | DataEase Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability | CWE-862 | 8.8 | - | 2025-03-13 |
| CVE-2024-56511 | DataEase has an unauthorized vulnerability | CWE-289 | 9.1 | - | 2025-01-10 |
| CVE-2024-55952 | Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability | CWE-20 | 8.8 | - | 2024-12-18 |
| CVE-2024-55953 | Dataease Mysql JDBC Connection Parameters Not Verified Leads to Deserialization and Arbitrary File Read Vulnerability | CWE-89 | 8.8 | - | 2024-12-18 |
| CVE-2024-52295 | DataEase has a forged JWT token vulnerability | CWE-798 | 9.8 (AI) | Critical (AI) | 2024-11-13 |
| CVE-2024-47073 | Dataease arbitrary interface access vulnerability | CWE-347 | 9.1 (AI) | Critical (AI) | 2024-11-07 |
| CVE-2024-47074 | Dataease PostgreSQL Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability | CWE-502 | 9.8 (AI) | Critical (AI) | 2024-10-11 |
| CVE-2024-46997 | DataEase's H2 datasource has a remote command execution risk | CWE-74 | 9.8 | Critical | 2024-09-23 |
| CVE-2024-46985 | DataEase has an XXE vulnerability | CWE-611 | 7.5 | High | 2024-09-23 |
| CVE-2024-31441 | Arbitrary File Reading in DataEase | CWE-863 | 7.5 | High | 2024-05-10 |
| CVE-2024-30269 | DataEase has database configuration information exposure vulnerability | CWE-200 | 5.3 | Medium | 2024-04-08 |
| CVE-2024-23328 | The Dataease datasource exists deserialization and arbitrary file read vulnerability | CWE-502 | 9.1 | Critical | 2024-02-01 |
| CVE-2023-40183 | DataEase has a vulnerability to obtain user cookies | CWE-434 | 7.5 | High | 2023-09-21 |
| CVE-2023-37258 | DataEase has a SQL injection vulnerability that can bypass blacklists | CWE-89 | 8.8 | High | 2023-07-25 |
| CVE-2023-37257 | The DataEase panel and dataset have a stored XSS vulnerability | CWE-79 | 5.4 | Medium | 2023-07-25 |
| CVE-2023-35164 | Unauthorized users can manipulate a dashboard created by an administrator in DataEase | CWE-862 | 6.3 | Medium | 2023-06-26 |
| CVE-2023-34463 | Unauthorized users can delete applications in DataEase | CWE-862 | 8.1 | High | 2023-06-26 |
| CVE-2023-35168 | DataEase has a privilege bypass vulnerability | CWE-732 | 6.5 | Medium | 2023-06-26 |
| CVE-2023-33963 | DataEase data source has deserialization vulnerability | CWE-502 | 9.8 | Critical | 2023-06-01 |
| CVE-2023-32310 | DataEase API interface has IDOR vulnerability | CWE-639 | 8.1 | High | 2023-06-01 |
| CVE-2023-28637 | DataEase AWS redshift data source exists for remote code execution vulnerability | CWE-74 | 8.0 | High | 2023-03-28 |

All 64 known CVE vulnerabilities affecting Dataease with full Chinese analysis, references, and POCs where available.