Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Dataease — Vulnerabilities & Security Advisories 71

Browse all 71 CVE security advisories affecting Dataease. AI-powered Chinese analysis, POCs, and references for each vulnerability.

DataEase is an open-source data visualization and analytics tool designed to simplify business intelligence by enabling users to create dashboards from diverse data sources. Despite its utility, the platform has accumulated 71 recorded Common Vulnerabilities and Exposures, indicating significant historical security hygiene issues. Analysis of these vulnerabilities reveals a prevalence of remote code execution, cross-site scripting, and authentication bypass flaws, often stemming from insufficient input validation and improper access control mechanisms. These defects frequently allow unauthenticated attackers to compromise system integrity or escalate privileges within the application environment. While no single catastrophic public breach has been widely documented as a defining incident, the sheer volume of disclosed CVEs suggests persistent challenges in securing the codebase against common web application attack vectors. This pattern highlights the critical need for rigorous security auditing in open-source data tools to prevent exploitation by malicious actors seeking unauthorized access to sensitive organizational data.

Top products by Dataease: dataease SQLBot
CVE IDTitleCVSSSeverityPublished
CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource — dataeaseCWE-502 9.8AICriticalAI2025-09-15
CVE-2025-58045 Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter — dataeaseCWE-918 9.8AICriticalAI2025-09-15
CVE-2025-57772 Dataease H2 JDBC RCE Bypass — dataeaseCWE-94 9.1AICriticalAI2025-08-25
CVE-2025-57773 Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability — dataeaseCWE-502 8.8AIHighAI2025-08-25
CVE-2025-53006 Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability — dataeaseCWE-153 9.1AICriticalAI2025-07-02
CVE-2025-53005 Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability — dataeaseCWE-153 8.8AIHighAI2025-07-01
CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability — dataeaseCWE-153 8.8AIHighAI2025-06-30
CVE-2025-49003 Dataease H2 JDBC Connection Remote Code Execution — dataeaseCWE-153 9.8AICriticalAI2025-06-26
CVE-2025-49002 Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability — dataeaseCWE-290 8.2AIHighAI2025-06-03
CVE-2025-49001 Dataease Authentication Bypass Vulnerability — dataeaseCWE-287 5.3AIMediumAI2025-06-03
CVE-2025-48999 Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability — dataeaseCWE-923 7.5AIHighAI2025-06-03
CVE-2025-48998 Dataease MYSQL JDBC File Reading Vulnerability — dataeaseCWE-89 8.8AIHighAI2025-06-03
CVE-2025-46566 Dataease redshift JDBC Connection Remote Code Execution — dataeaseCWE-923 8.8AIHighAI2025-05-01
CVE-2025-32966 Dataease H2 JDBC Connection Remote Code Execution — dataeaseCWE-290 8.8 -2025-04-23
CVE-2025-27138 DataEase has an improper authentication vulnerability — dataeaseCWE-287 9.1 -2025-03-13
CVE-2025-27103 Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability​ — dataeaseCWE-89 8.8 -2025-03-13
CVE-2025-24974 DataEase Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability — dataeaseCWE-862 8.8 -2025-03-13
CVE-2024-56511 DataEase has an unauthorized vulnerability — dataeaseCWE-289 9.1 -2025-01-10
CVE-2024-55952 Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability — dataeaseCWE-20 8.8 -2024-12-18
CVE-2024-55953 Dataease Mysql JDBC Connection Parameters Not Verified Leads to Deserialization and Arbitrary File Read Vulnerability — dataeaseCWE-89 8.8 -2024-12-18
CVE-2024-52295 DataEase has a forged JWT token vulnerability — dataeaseCWE-798 9.8AICriticalAI2024-11-13
CVE-2024-47073 Dataease arbitrary interface access vulnerability — dataeaseCWE-347 9.1AICriticalAI2024-11-07
CVE-2024-47074 Dataease PostgreSQL Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability — dataeaseCWE-502 9.8AICriticalAI2024-10-11
CVE-2024-46997 DataEase's H2 datasource has a remote command execution risk — dataeaseCWE-74 9.8 Critical2024-09-23
CVE-2024-46985 DataEase has an XXE vulnerability — dataeaseCWE-611 7.5 High2024-09-23
CVE-2024-31441 Arbitrary File Reading in DataEase — dataeaseCWE-863 7.5 High2024-05-10
CVE-2024-30269 DataEase has database configuration information exposure vulnerability — dataeaseCWE-200 5.3 Medium2024-04-08
CVE-2024-23328 The Dataease datasource exists deserialization and arbitrary file read vulnerability — dataeaseCWE-502 9.1 Critical2024-02-01
CVE-2023-40183 DataEase has a vulnerability to obtain user cookies — dataeaseCWE-434 7.5 High2023-09-21
CVE-2023-37258 DataEase has a SQL injection vulnerability that can bypass blacklists — dataeaseCWE-89 8.8 High2023-07-25

This page lists every published CVE security advisory associated with Dataease. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.