
metabase — Vulnerabilities & Security Advisories 20

Browse all 20 CVE security advisories affecting metabase. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by metabase: metabase
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-33725 | Metabase vulnerable to RCE and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import — metabase | CWE-502 | 7.2 | High | 2026-03-27 |
| CVE-2026-27464 | Metabase: Server-Side Template Injection via Notifications Endpoint Leads to RCE — metabase | CWE-1336 | 7.7 | High | 2026-02-21 |
| CVE-2026-22805 | Metabase channel test endpoint can reach internal local addresses — metabase | CWE-918 | 8.2 (AI) | High (AI) | 2026-01-12 |
| CVE-2025-32382 | Snowflake credentials logged by the Metabase backend — metabase | CWE-532 | 8.1 (AI) | High (AI) | 2025-04-10 |
| CVE-2025-30371 | Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint — metabase | CWE-59 | 6.1 | - | 2025-03-28 |
| CVE-2025-27141 | Metabase Enterprise Edition allows cached questions to leak data to impersonated users — metabase | CWE-732 | 4.3 | - | 2025-02-24 |
| CVE-2024-55951 | Metabase sandboxed users could see filter values from other sandboxed users — metabase | CWE-200 | 5.0 | - | 2024-12-16 |
| CVE-2023-37470 | Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint — metabase | CWE-94 | 10.0 | Critical | 2023-08-04 |
| CVE-2023-32680 | Missing SQL permissions check in metabase — metabase | CWE-306 | 5.8 | Medium | 2023-05-18 |
| CVE-2023-23629 | Metabase subject to Improper Privilege Management — metabase | CWE-200 | 6.3 | Medium | 2023-01-28 |
| CVE-2023-23628 | Metabase subject to Exposure of Sensitive Information to an Unauthorized Actor — metabase | CWE-200 | 5.7 | Medium | 2023-01-28 |
| CVE-2022-39362 | Metabase vulnerable to arbitrary SQL execution from queryhash — metabase | CWE-356 | 8.8 | High | 2022-10-26 |
| CVE-2022-39361 | Metabase vulnerable to Remote Code Execution via H2 — metabase | CWE-20 | 8.8 | High | 2022-10-26 |
| CVE-2022-39360 | Metabase SSO users able to circumvent IdP login by doing password reset — metabase | CWE-304 | 6.5 | Medium | 2022-10-26 |
| CVE-2022-39359 | Metabase's GeoJSON validation doesn't prevent redirects to blocked URLs — metabase | CWE-200 | 6.5 | Medium | 2022-10-26 |
| CVE-2022-39358 | Metabase vulnerable to circumvention of Locked parameter in Signed Embedding — metabase | CWE-200 | 6.5 | Medium | 2022-10-26 |
| CVE-2022-24853 | File system exposure in Metabase — metabase | CWE-200 | 5.9 | Medium | 2022-04-14 |
| CVE-2022-24854 | Database bypassing any permissions in Metabase via SQlite attach — metabase | CWE-610 | 8.0 | High | 2022-04-14 |
| CVE-2022-24855 | XSS vulnerability in Metabase — metabase | CWE-79 | 8.7 | High | 2022-04-14 |
| CVE-2021-41277 | GeoJSON URL validation can expose server files and environment variables to unauthorized users — metabase | CWE-200 | 10.0 | Critical | 2021-11-17 |

This page lists every published CVE security advisory associated with metabase. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.