
dataease — Vulnerabilities & Security Advisories (71)

Browse all 71 CVE security advisories affecting dataease. AI-powered Chinese analysis, POCs, and references for each vulnerability.

DataEase is an open-source data visualization and analytics tool designed to simplify business intelligence by enabling users to create dashboards from diverse data sources. Despite its utility, the platform has accumulated 71 recorded Common Vulnerabilities and Exposures, indicating significant historical security hygiene issues. Analysis of these vulnerabilities reveals a prevalence of remote code execution, cross-site scripting, and authentication bypass flaws, often stemming from insufficient input validation and improper access control mechanisms. These defects frequently allow unauthenticated attackers to compromise system integrity or escalate privileges within the application environment. While no single catastrophic public breach has been widely documented as a defining incident, the sheer volume of disclosed CVEs suggests persistent challenges in securing the codebase against common web application attack vectors. This pattern highlights the critical need for rigorous security auditing in open-source data tools to prevent exploitation by malicious actors seeking unauthorized access to sensitive organizational data.

Top products by dataease: dataease, SQLBot

Scores and severities marked (AI) carry the page's AI badge.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33324 | SQLBot prompt injection allows arbitrary SQL execution and remote code execution | SQLBot | CWE-89 | 8.8 | - | 2026-05-05 |
| CVE-2026-40901 | DataEase: Quartz Deserialization → Remote Code Execution | dataease | CWE-502 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-40900 | DataEase has SQL Injection via Stacked Queries | dataease | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-40899 | DataEase has an Arbitrary File Read Vulnerability | dataease | CWE-183 | 8.3 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33207 | DataEase SQL Injection Vulnerability | dataease | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-04-16 |
| CVE-2026-33122 | DataEase has SQL Injection via Datasource Management | dataease | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33121 | DataEase has SQL Injection via Datasource Save Flow | dataease | CWE-89 | 8.1 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33084 | DataEase has SQL Injection through its getFieldEnumObj Endpoint | dataease | CWE-89 | 7.5 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33083 | DataEase has SQL Injection in Order By Clause | dataease | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-33082 | DataEase: SQL Injection in v2 Dataset Export | dataease | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-04-16 |
| CVE-2026-5417 | Dataease SQLbot Elasticsearch es_engine.py get_es_data_by_http server-side request forgery | SQLbot | CWE-918 | 4.7 | Medium | 2026-04-02 |
| CVE-2026-32950 | SQLBot: RCE via SQL Injection in Excel Upload Endpoint | SQLBot | CWE-89 | 8.8 | - | 2026-03-20 |
| CVE-2026-32949 | SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL | SQLBot | CWE-918 | 7.5 | - | 2026-03-20 |
| CVE-2026-32939 | DataEase is Vulnerable to H2 JDBC RCE Bypass | dataease | CWE-178 | 9.1 | - | 2026-03-20 |
| CVE-2026-32622 | SQLBot: Remote Code Execution via Terminology Poisoning | SQLBot | CWE-862 | 8.8 | - | 2026-03-19 |
| CVE-2026-32140 | Dataease: Redshift JDBC RCE Bypass | dataease | CWE-22 | 8.0 (AI) | High (AI) | 2026-03-12 |
| CVE-2026-32139 | Dataease: Unfiltered active SVG content leads to Stored XSS | dataease | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-12 |
| CVE-2026-32137 | DataEase SQL Injection Vulnerability | dataease | CWE-89 | 9.8 (AI) | Critical (AI) | 2026-03-12 |
| CVE-2025-15598 | Dataease SQLBot JWT Token auth.py validateEmbedded signature verification | SQLBot | CWE-347 | 3.7 | Low | 2026-03-03 |
| CVE-2025-15597 | Dataease SQLBot API Endpoint assistant.py access control | SQLBot | CWE-284 | 6.3 | Medium | 2026-03-02 |
| CVE-2026-23958 | DataEase Vulnerable to Brute-Force Attack on Admin JWT Secret Derived from Password that Enables Full Account Takeover | dataease | CWE-522 | 9.8 (AI) | Critical (AI) | 2026-01-22 |
| CVE-2025-69285 | SQLBot uploadExcel Endpoint has Unauthenticated Arbitrary File Upload vulnerability | SQLBot | CWE-306 | 9.8 (AI) | Critical (AI) | 2026-01-21 |
| CVE-2025-64428 | DataEase DB2 JNDI Vulnerability | dataease | CWE-74 | 9.1 | - | 2025-11-20 |
| CVE-2025-64164 | DataEase is vulnerable to Oracle JNDI Injection | dataease | CWE-502 | 8.1 | - | 2025-11-06 |
| CVE-2025-64163 | DataEase's DB2 is vulnerable to SSRF | dataease | CWE-918 | 10.0 | - | 2025-11-05 |
| CVE-2025-62419 | DataEase vulnerable to JDBC URL injection in DB2 and MongoDB data source configuration | dataease | CWE-502 | 9.8 (AI) | Critical (AI) | 2025-10-17 |
| CVE-2025-62420 | DataEase vulnerable to remote code execution via H2 JDBC driver bypass | dataease | CWE-502 | 8.1 (AI) | High (AI) | 2025-10-17 |
| CVE-2025-62421 | DataEase vulnerable to stored cross-site scripting via file upload bypass | dataease | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-17 |
| CVE-2025-62422 | DataEase SQL injection vulnerability | dataease | CWE-89 | 9.8 (AI) | Critical (AI) | 2025-10-17 |
| CVE-2025-58748 | Dataease H2 data source JDBC URL validation bypass leads to remote code execution | dataease | CWE-502 | 9.8 (AI) | Critical (AI) | 2025-09-15 |

This page lists every published CVE security advisory associated with dataease. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.