open-metadata — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting open-metadata. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by open-metadata:OpenMetadata

CVE ID	Title	CVSS	Severity	Published
CVE-2026-26010	Leaky JWTs in OpenMetadata exposing highly-privileged bot users — OpenMetadataCWE-269	8.1^AI	High^AI	2026-02-11
CVE-2026-22244	OpenMetadata Server-Side Template Injection (SSTI) in FreeMarker email templates that leads to RCE — OpenMetadataCWE-1336	7.2	-	2026-01-08
CVE-2024-28848	SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` in OpenMetadata — OpenMetadataCWE-94	8.8	High	2024-03-15
CVE-2024-28255	Authentication Bypass in OpenMetadata — OpenMetadataCWE-287	9.8	Critical	2024-03-15
CVE-2024-28847	SpEL Injection in `PUT /api/v1/events/subscriptions` in OpenMetadata — OpenMetadataCWE-94	8.8	High	2024-03-15
CVE-2024-28254	SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata — OpenMetadataCWE-78	8.8	High	2024-03-15
CVE-2024-28253	SpEL Injection in `PUT /api/v1/policies` in OpenMetadata — OpenMetadataCWE-94	9.4	Critical	2024-03-15

This page lists every published CVE security advisory associated with open-metadata. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

open-metadata — Vulnerabilities & Security Advisories 7