Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

datahub-project — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting datahub-project. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Datahub-project serves as a metadata platform for data discovery, data lineage, and data governance. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its 12 recorded CVEs. Notable security characteristics include its complex architecture involving multiple interconnected services, which can expand attack surfaces. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in areas like authentication and API endpoints suggests ongoing challenges in secure development practices. The project's open-source nature allows for community scrutiny but also exposes potential risks for organizations implementing it without proper hardening.

Top products by datahub-project: datahub
CVE IDTitleCVSSSeverityPublished
CVE-2026-25644 DataHub's LDAP Ingestion Source vulnerable to MITM attack through TLS downgrade — datahubCWE-295 7.5 High2026-02-06
CVE-2024-22409 Default Privileges allow for high level operations for low privileged users in datahub — datahubCWE-276 7.5 High2024-01-16
CVE-2023-47640 Insecure Use of HMAC-SHA1 For Session Signing in datahub — datahubCWE-327 6.4 Medium2023-11-14
CVE-2023-47628 Session Expiration Misconfiguration in datahub — datahubCWE-613 4.2 Medium2023-11-14
CVE-2023-47629 Privilege escalation through email sign-up in datahub — datahubCWE-269 7.1 High2023-11-14
CVE-2023-25557 Server-Side Request Forgery in DataHub — datahubCWE-918 7.5 High2023-02-10
CVE-2023-25558 Deserialization of untrusted data in DataHub — datahubCWE-502 7.5 High2023-02-10
CVE-2023-25559 System account impersonation in DataHub — datahubCWE-287 8.2 High2023-02-10
CVE-2023-25560 JSON Injection in DataHub — datahubCWE-913 8.2 High2023-02-10
CVE-2023-25561 Login fail open on JAAS misconfiguration in DataHub — datahubCWE-755 5.7 Medium2023-02-10
CVE-2023-25562 Failure to Invalidate Session on Logout in DataHub — datahubCWE-613 6.9 Medium2023-02-10
CVE-2022-39366 DataHub missing JWT signature check — datahubCWE-303 9.9 Critical2022-10-28

This page lists every published CVE security advisory associated with datahub-project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.