Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

OpenRefine — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting OpenRefine. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenRefine serves as a powerful tool for cleaning and transforming messy data, enabling users to explore and refine datasets through an interactive interface. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with 11 CVEs documented to date. The application's web-based nature and data processing capabilities have made it a target for security researchers, though no major public incidents have been widely reported. Users should remain vigilant about input validation and access controls when deploying this tool in production environments, as its data manipulation features could be exploited if proper security measures are not implemented.

Top products by OpenRefine: OpenRefine simile-butterfly
CVE IDTitleCVSSSeverityPublished
CVE-2024-49760 OpenRefine has a path traversal in LoadLanguageCommand — OpenRefineCWE-22 7.1 High2024-10-24
CVE-2024-47883 Butterfly has path/URL confusion in resource handling leading to multiple weaknesses — simile-butterflyCWE-36 9.1 Critical2024-10-24
CVE-2024-47882 OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project — OpenRefineCWE-79 5.9 Medium2024-10-24
CVE-2024-47881 OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE) — OpenRefineCWE-89 8.1 High2024-10-24
CVE-2024-47880 OpenRefine has a reflected cross-site scripting vulnerability from POST request in ExportRowsCommand — OpenRefineCWE-79 8.1 High2024-10-24
CVE-2024-47879 OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF) — OpenRefineCWE-352 7.6 High2024-10-24
CVE-2024-47878 Reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt) — OpenRefineCWE-79 8.1 High2024-10-24
CVE-2024-23833 OpenRefine JDBC Attack Vulnerability — OpenRefineCWE-22 7.5 High2024-02-12
CVE-2023-41887 Remote Code exec in project import with mysql jdbc url attack — OpenRefineCWE-89 9.8 Critical2023-09-15
CVE-2023-41886 OpenRefine vulnerable to arbitrary file read in project import with mysql jdbc url attack — OpenRefineCWE-89 7.5 High2023-09-15
CVE-2023-37476 Zip slip in OpenRefine — OpenRefineCWE-22 5.5 Medium2023-07-17

This page lists every published CVE security advisory associated with OpenRefine. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.