Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-50468 | 1 Open-metadata | 1 Openmetadata | 2025-08-11 | N/A | 6.5 MEDIUM |
| OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query. | |||||
| CVE-2025-50467 | 1 Open-metadata | 1 Openmetadata | 2025-08-11 | N/A | 6.5 MEDIUM |
| OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query. | |||||
| CVE-2025-50466 | 1 Open-metadata | 1 Openmetadata | 2025-08-11 | N/A | 7.1 HIGH |
| OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query. | |||||
| CVE-2025-50465 | 1 Open-metadata | 1 Openmetadata | 2025-08-11 | N/A | 7.1 HIGH |
| OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query. | |||||
| CVE-2024-55238 | 1 Open-metadata | 1 Openmetadata | 2025-04-24 | N/A | 7.1 HIGH |
| OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query. | |||||