Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

chartbrew — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting chartbrew. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Chartbrew is an open-source data visualization tool that allows users to create and manage dashboards by connecting to various data sources. Historically, it has been affected by multiple vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, often stemming from improper input validation and insecure authentication mechanisms. The tool's 14 recorded CVEs highlight recurring issues in its API endpoints and dashboard components, with some instances allowing unauthorized access to sensitive data. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests a need for rigorous security testing and input sanitization to prevent potential exploitation.

Top products by chartbrew: chartbrew
CVE IDTitleCVSSSeverityPublished
CVE-2026-40603 Chartbrew: Incorrect Access Control in /api/project/dashboard/:brewName via same-team override — chartbrewCWE-284 6.5 Medium2026-04-30
CVE-2026-40601 Chartbrew: Missing Authorization in /api/chart/:chart_id/query via team-level refresh toggle — chartbrewCWE-862 7.5 High2026-04-30
CVE-2026-40600 Chartbrew: Incorrect Access Control in project share policy routes via unbound policy_id — chartbrewCWE-639 8.1 High2026-04-30
CVE-2026-40595 Chartbrew: Incorrect Access Control in public chart and export routes via missing onReport and SharePolicy checks — chartbrewCWE-284 7.5 High2026-04-30
CVE-2026-35514 Unauthenticated Account Registration via /user/invited Bypasses All Signup Restrictions in Chartbrew — chartbrewCWE-306 6.5 Medium2026-04-30
CVE-2026-40904 Chartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checks — chartbrewCWE-284 8.1 High2026-04-30
CVE-2026-32252 Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id` — chartbrewCWE-285 7.7 High2026-04-10
CVE-2026-30232 Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs — chartbrewCWE-918 8.1 -2026-04-10
CVE-2026-27605 Chartbrew: Stored Cross-Site Scripting (XSS) via File Upload API — chartbrewCWE-434 6.3 Medium2026-03-06
CVE-2026-27603 Chartbrew: Unauthenticated Chart Filter Endpoint: POST /project/:project_id/chart/:chart_id/filter missing verifyToken + checkPermissions — chartbrewCWE-306 5.3 -2026-03-06
CVE-2026-27005 Chartbrew: SQL injection in date-type variable handling (applyMysqlOrPostgresVariables) — chartbrewCWE-89 9.1 -2026-03-06
CVE-2026-25888 Chartbrew: Remote Code Execution (RCE) via Vulnerable API — chartbrewCWE-94 8.8 High2026-03-06
CVE-2026-25887 Chartbrew: Remote Code Execution (RCE) via MongoDB Dataset Query — chartbrewCWE-94 7.2 High2026-03-06
CVE-2026-25877 Chartbrew: Insecure Direct Object Reference (IDOR) in Chart Operations — chartbrewCWE-284 6.5 Medium2026-03-06

This page lists every published CVE security advisory associated with chartbrew. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.