Dataease — Vulnerabilities & Security Advisories 71

Browse all 71 CVE security advisories affecting Dataease. AI-powered Chinese analysis, POCs, and references for each vulnerability.

DataEase is an open-source data visualization and analytics tool designed to simplify business intelligence by enabling users to create dashboards from diverse data sources. Despite its utility, the platform has accumulated 71 recorded Common Vulnerabilities and Exposures, indicating significant historical security hygiene issues. Analysis of these vulnerabilities reveals a prevalence of remote code execution, cross-site scripting, and authentication bypass flaws, often stemming from insufficient input validation and improper access control mechanisms. These defects frequently allow unauthenticated attackers to compromise system integrity or escalate privileges within the application environment. While no single catastrophic public breach has been widely documented as a defining incident, the sheer volume of disclosed CVEs suggests persistent challenges in securing the codebase against common web application attack vectors. This pattern highlights the critical need for rigorous security auditing in open-source data tools to prevent exploitation by malicious actors seeking unauthorized access to sensitive organizational data.

Found 63 results / 71
Top products by Dataease: dataease, SQLBot
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-49002 | Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability | dataease | CWE-290 | 8.2 (AI) | High (AI) | 2025-06-03 |
| CVE-2025-49001 | Dataease Authentication Bypass Vulnerability | dataease | CWE-287 | 5.3 (AI) | Medium (AI) | 2025-06-03 |
| CVE-2025-48999 | Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability | dataease | CWE-923 | 7.5 (AI) | High (AI) | 2025-06-03 |
| CVE-2025-48998 | Dataease MYSQL JDBC File Reading Vulnerability | dataease | CWE-89 | 8.8 (AI) | High (AI) | 2025-06-03 |
| CVE-2025-46566 | Dataease redshift JDBC Connection Remote Code Execution | dataease | CWE-923 | 8.8 (AI) | High (AI) | 2025-05-01 |
| CVE-2025-32966 | Dataease H2 JDBC Connection Remote Code Execution | dataease | CWE-290 | 8.8 | - | 2025-04-23 |
| CVE-2025-27138 | DataEase has an improper authentication vulnerability | dataease | CWE-287 | 9.1 | - | 2025-03-13 |
| CVE-2025-27103 | Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability | dataease | CWE-89 | 8.8 | - | 2025-03-13 |
| CVE-2025-24974 | DataEase Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability | dataease | CWE-862 | 8.8 | - | 2025-03-13 |
| CVE-2024-56511 | DataEase has an unauthorized vulnerability | dataease | CWE-289 | 9.1 | - | 2025-01-10 |
| CVE-2024-55952 | Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability | dataease | CWE-20 | 8.8 | - | 2024-12-18 |
| CVE-2024-55953 | Dataease Mysql JDBC Connection Parameters Not Verified Leads to Deserialization and Arbitrary File Read Vulnerability | dataease | CWE-89 | 8.8 | - | 2024-12-18 |
| CVE-2024-52295 | DataEase has a forged JWT token vulnerability | dataease | CWE-798 | 9.8 (AI) | Critical (AI) | 2024-11-13 |
| CVE-2024-47073 | Dataease arbitrary interface access vulnerability | dataease | CWE-347 | 9.1 (AI) | Critical (AI) | 2024-11-07 |
| CVE-2024-47074 | Dataease PostgreSQL Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability | dataease | CWE-502 | 9.8 (AI) | Critical (AI) | 2024-10-11 |
| CVE-2024-46997 | DataEase's H2 datasource has a remote command execution risk | dataease | CWE-74 | 9.8 | Critical | 2024-09-23 |
| CVE-2024-46985 | DataEase has an XXE vulnerability | dataease | CWE-611 | 7.5 | High | 2024-09-23 |
| CVE-2024-31441 | Arbitrary File Reading in DataEase | dataease | CWE-863 | 7.5 | High | 2024-05-10 |
| CVE-2024-30269 | DataEase has database configuration information exposure vulnerability | dataease | CWE-200 | 5.3 | Medium | 2024-04-08 |
| CVE-2024-23328 | The Dataease datasource exists deserialization and arbitrary file read vulnerability | dataease | CWE-502 | 9.1 | Critical | 2024-02-01 |
| CVE-2023-40183 | DataEase has a vulnerability to obtain user cookies | dataease | CWE-434 | 7.5 | High | 2023-09-21 |
| CVE-2023-37258 | DataEase has a SQL injection vulnerability that can bypass blacklists | dataease | CWE-89 | 8.8 | High | 2023-07-25 |
| CVE-2023-37257 | The DataEase panel and dataset have a stored XSS vulnerability | dataease | CWE-79 | 5.4 | Medium | 2023-07-25 |
| CVE-2023-35164 | Unauthorized users can manipulate a dashboard created by an administrator in DataEase | dataease | CWE-862 | 6.3 | Medium | 2023-06-26 |
| CVE-2023-34463 | Unauthorized users can delete applications in DataEase | dataease | CWE-862 | 8.1 | High | 2023-06-26 |
| CVE-2023-35168 | DataEase has a privilege bypass vulnerability | dataease | CWE-732 | 6.5 | Medium | 2023-06-26 |
| CVE-2023-33963 | DataEase data source has deserialization vulnerability | dataease | CWE-502 | 9.8 | Critical | 2023-06-01 |
| CVE-2023-32310 | DataEase API interface has IDOR vulnerability | dataease | CWE-639 | 8.1 | High | 2023-06-01 |
| CVE-2023-28637 | DataEase AWS redshift data source exists for remote code execution vulnerability | dataease | CWE-74 | 8.0 | High | 2023-03-28 |
| CVE-2023-28437 | SQL injection vulnerability due to the keyword blacklist for defending against SQL injection will be bypassed | dataease | CWE-89 | 9.8 | Critical | 2023-03-24 |

This page lists every published CVE security advisory associated with Dataease. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.