VYPR
Vendor

Open Metadata

Products
1
CVEs
12
Across products
12
Status
Private

Products

1

Recent CVEs

12
  • CVE-2026-46481HigJun 8, 2026
    risk 0.47cvss 8.3epss 0.00

    OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in…

  • CVE-2024-28255Mar 15, 2024
    risk 0.11cvss epss 0.73

    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request…

  • CVE-2024-28254Mar 15, 2024
    risk 0.07cvss epss 0.46

    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `‎AlertUtil::validateExpression` method evaluates an SpEL expression using `getValue` which by…

  • CVE-2024-28253Mar 15, 2024
    risk 0.07cvss epss 0.13

    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`. `prepare()` is called…

  • CVE-2024-28848Mar 15, 2024
    risk 0.06cvss epss 0.08

    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `‎CompiledRule::validateExpression` method evaluates an SpEL expression using an…

  • CVE-2024-28847Mar 15, 2024
    risk 0.01cvss epss 0.02

    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also called from…

  • CVE-2026-26010Feb 11, 2026
    risk 0.00cvss epss 0.00

    OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account, typically…

  • CVE-2026-22244Jan 8, 2026
    risk 0.00cvss epss 0.01

    OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4…

  • CVE-2025-50468Aug 8, 2025
    risk 0.00cvss epss 0.00

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query.

  • CVE-2025-50466Aug 8, 2025
    risk 0.00cvss epss 0.00

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query.

  • CVE-2025-50465Aug 8, 2025
    risk 0.00cvss epss 0.00

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query.

  • CVE-2025-50467Aug 8, 2025
    risk 0.00cvss epss 0.00

    OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query.