Browse all 71 CVE security advisories affecting DataEase. AI-powered Chinese analysis, PoCs, and references for each vulnerability.
DataEase is an open-source data visualization and analytics tool designed to simplify business intelligence by enabling users to create dashboards from diverse data sources. Despite its utility, the platform has accumulated 71 recorded Common Vulnerabilities and Exposures, indicating significant historical security hygiene issues. Analysis of these vulnerabilities reveals a prevalence of remote code execution, cross-site scripting, and authentication bypass flaws, often stemming from insufficient input validation and improper access control mechanisms. These defects frequently allow unauthenticated attackers to compromise system integrity or escalate privileges within the application environment. While no single catastrophic public breach has been widely documented as a defining incident, the sheer volume of disclosed CVEs suggests persistent challenges in securing the codebase against common web application attack vectors. This pattern highlights the critical need for rigorous security auditing in open-source data tools to prevent exploitation by malicious actors seeking unauthorized access to sensitive organizational data.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33324 | SQLBot prompt injection allows arbitrary SQL execution and remote code execution | SQLBot | CWE-89 | 8.8 | - | 2026-05-05 |
| CVE-2026-5417 | Dataease SQLbot Elasticsearch es_engine.py get_es_data_by_http server-side request forgery | SQLbot | CWE-918 | 4.7 | Medium | 2026-04-02 |
| CVE-2026-32950 | SQLBot: RCE via SQL Injection in Excel Upload Endpoint | SQLBot | CWE-89 | 8.8 | - | 2026-03-20 |
| CVE-2026-32949 | SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL | SQLBot | CWE-918 | 7.5 | - | 2026-03-20 |
| CVE-2026-32622 | SQLBot: Remote Code Execution via Terminology Poisoning | SQLBot | CWE-862 | 8.8 | - | 2026-03-19 |
| CVE-2025-15598 | Dataease SQLBot JWT Token auth.py validateEmbedded signature verification | SQLBot | CWE-347 | 3.7 | Low | 2026-03-03 |
| CVE-2025-15597 | Dataease SQLBot API Endpoint assistant.py access control | SQLBot | CWE-284 | 6.3 | Medium | 2026-03-02 |
| CVE-2025-69285 | SQLBot uploadExcel Endpoint has Unauthenticated Arbitrary File Upload vulnerability | SQLBot | CWE-306 | 9.8 (AI) | Critical (AI) | 2026-01-21 |
This page lists every published CVE security advisory associated with DataEase. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.