dataease — Vulnerabilities & Security Advisories 72

Browse all 72 CVE security advisories affecting dataease. AI-powered Chinese analysis, POCs, and references for each vulnerability.

DataEase is an open-source data visualization and analytics tool designed to simplify business intelligence by enabling users to create dashboards from diverse data sources. Despite its utility, the platform has accumulated 71 recorded Common Vulnerabilities and Exposures, indicating significant historical security hygiene issues. Analysis of these vulnerabilities reveals a prevalence of remote code execution, cross-site scripting, and authentication bypass flaws, often stemming from insufficient input validation and improper access control mechanisms. These defects frequently allow unauthenticated attackers to compromise system integrity or escalate privileges within the application environment. While no single catastrophic public breach has been widely documented as a defining incident, the sheer volume of disclosed CVEs suggests persistent challenges in securing the codebase against common web application attack vectors. This pattern highlights the critical need for rigorous security auditing in open-source data tools to prevent exploitation by malicious actors seeking unauthorized access to sensitive organizational data.

Top products by dataease: dataease, SQLBot
High · 2026-04-18
Release v2.10.21 · dataease/dataease · GitHub
High · CVE-2025-33083 · 2026-04-18
SQL Injection in Order By Clause · Advisory · dataease/dataease · GitHub
High · GHSA-944x-93jf-h3rx · 2026-04-18
Arbitrary File Read Vulnerability · Advisory · dataease/dataease · GitHub
Critical · 2026-04-18
Quartz Deserialization → Remote Code Execution · Advisory · dataease/dataease · GitHub
Critical · CVE-2024-40900 · 2026-04-18
SQL Injection via Stacked Queries · Advisory · dataease/dataease · GitHub
Critical · 2026-04-18
SQL Injection in getFieldEnumObj Endpoint · Advisory · dataease/dataease · GitHub
High · 2026-04-18
DataEase SQL Injection Vulnerability · Advisory · dataease/dataease · GitHub
High · CVE-2025-64428 · 2025-11-21
DataEase DB2 JNDI Vulnerability · Advisory · dataease/dataease · GitHub
High · CVE-2025-64163 · 2025-11-06
DataEase DB2 SSRF Vulnerability · Advisory · dataease/dataease · GitHub
High · 2025-09-16
fix: fix vulnerability · dataease/dataease@7707865 · GitHub
High · 2025-08-27
fix: [Vulnerability] Dataease H2 JDBC RCE Bypass's Bypass · dataease/dataease@1644d81 · GitHub
High · 2025-07-06
Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability · Advisory · dataease/dataeas
High · CVE-2021-42392 · 2025-07-06
Dataease H2 JDBC Connection Remote Code Execution · Advisory · dataease/dataease · GitHub
Medium · 2025-06-05
fix: filter illegal redshift parameters · dataease/dataease@03b18db · GitHub
High · CVE-2023-47153 · 2025-06-05
Dataease Mysql JDBC Connection Parameters Not Verified Leads to Arbitrary File Read Vulnerability · Advisory · dataease
High · 2024-11-11
Dataease has arbitrary interface access vulnerability · Advisory · dataease/dataease · GitHub
Unknown · 2024-10-12
fix: validate illegal characters in pg jdbc · dataease/dataease@86eafc4 · GitHub

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with dataease. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.