
Open-Metadata Openmetadata vulnerabilities

13 known vulnerabilities affecting open-metadata/openmetadata.

Total CVEs: 13
CISA KEV: 0
Public exploits: 3
Exploited in wild: 5
Severity breakdown: CRITICAL 1, HIGH 9, MEDIUM 3

Vulnerabilities

CVE-2024-28255 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | fixed in 1.2.4 | 2024-03-15
CWE-287: OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the req

CVE-2024-28254 | P1 | HIGH | CVSS 8.8 | Exploited | PoC | fixed in 1.2.4 | 2024-03-15
CWE-78: OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `AlertUtil::validateExpression` method evaluates an SpEL expression using `getValue` which by default uses the `StandardEvaluationContext`, allowing the expression to reach and

CVE-2024-28253 | P1 | HIGH | CVSS 8.8 | Exploited | PoC | fixed in 1.3.1 | 2024-03-15
CWE-94: OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `

CVE-2024-28848 | P1 | HIGH | CVSS 8.8 | Exploited | fixed in 1.2.4 | 2024-03-15
CWE-94: OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `CompiledRule::validateExpression` method evaluates an SpEL expression using a `StandardEvaluationContext`, allowing the expression to reach and interact with Java classes suc

CVE-2024-28847 | P1 | HIGH | CVSS 8.8 | Exploited | fixed in 1.2.4 | 2024-03-15
CWE-94: OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also called from `EventSubscriptionRepository.prepare()`, which can lead to Remote Code Execution. `prepare(

CVE-2025-50465 | P3 | HIGH | CVSS 8.8 | ≤ 1.4.4 | 2025-08-08
CWE-89: OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query.

CVE-2024-55238 | P3 | HIGH | CVSS 8.8 | ≤ 1.4.1 | 2025-04-17
CWE-89: OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query.

CVE-2026-46481 | P3 | HIGH | CVSS 8.3 | fixed in 1.12.4 | 2026-06-08
CWE-201: OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in request.connection.config.password and the ingestion bot JWT in openMetadataServerC

CVE-2026-22244 | P3 | HIGH | CVSS 7.2 | fixed in 1.11.4 | 2026-01-08
CWE-1336: OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch.

CVE-2026-26010 | P3 | HIGH | CVSS 7.6 | fixed in 1.11.8 | 2026-02-11
CWE-269: OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account, which typically has the Ingestion Bot Role. This enables destructive changes in Ope

CVE-2025-50466 | P3 | MEDIUM | CVSS 6.5 | ≤ 1.4.4 | 2025-08-08
CWE-89: OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query.

CVE-2025-50467 | P3 | MEDIUM | CVSS 6.5 | ≤ 1.4.4 | 2025-08-08
CWE-89: OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query.

CVE-2025-50468 | P3 | MEDIUM | CVSS 6.5 | ≤ 1.4.4 | 2025-08-08
CWE-89: OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameter can be used to build a SQL query.