
metabase — Vulnerabilities & Security Advisories 20

Browse all 20 CVE security advisories affecting metabase. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Metabase operates as an open-source business intelligence platform, enabling organizations to visualize data and generate reports through a user-friendly interface. Its architecture, primarily built on Java and Clojure, has historically exposed it to several critical vulnerability classes, including remote code execution, SQL injection, and cross-site scripting. Recent records indicate approximately twenty Common Vulnerabilities and Exposures (CVEs), reflecting ongoing challenges in securing its complex query engine and authentication mechanisms. Notable incidents have involved improper access controls allowing unauthorized users to execute arbitrary queries or escalate privileges, potentially compromising sensitive corporate data. The software’s reliance on third-party libraries has also introduced supply chain risks. While the development team actively patches identified flaws, the frequency of disclosed issues underscores the necessity for rigorous configuration management and regular updates to mitigate exposure to known exploit vectors within enterprise environments.

Top products by metabase: metabase
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33725 | Metabase vulnerable to RCE and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import | metabase | CWE-502 | 7.2 | High | 2026-03-27 |
| CVE-2026-27464 | Metabase: Server-Side Template Injection via Notifications Endpoint Leads to RCE | metabase | CWE-1336 | 7.7 | High | 2026-02-21 |
| CVE-2026-22805 | Metabase channel test endpoint can reach internal local addresses | metabase | CWE-918 | 8.2 (AI) | High (AI) | 2026-01-12 |
| CVE-2025-32382 | Snowflake credentials logged by the Metabase backend | metabase | CWE-532 | 8.1 (AI) | High (AI) | 2025-04-10 |
| CVE-2025-30371 | Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint | metabase | CWE-59 | 6.1 | - | 2025-03-28 |
| CVE-2025-27141 | Metabase Enterprise Edition allows cached questions to leak data to impersonated users | metabase | CWE-732 | 4.3 | - | 2025-02-24 |
| CVE-2024-55951 | Metabase sandboxed users could see filter values from other sandboxed users | metabase | CWE-200 | 5.0 | - | 2024-12-16 |
| CVE-2023-37470 | Metabase vulnerable to remote code execution via POST /api/setup/validate API endpoint | metabase | CWE-94 | 10.0 | Critical | 2023-08-04 |
| CVE-2023-32680 | Missing SQL permissions check in metabase | metabase | CWE-306 | 5.8 | Medium | 2023-05-18 |
| CVE-2023-23629 | Metabase subject to Improper Privilege Management | metabase | CWE-200 | 6.3 | Medium | 2023-01-28 |
| CVE-2023-23628 | Metabase subject to Exposure of Sensitive Information to an Unauthorized Actor | metabase | CWE-200 | 5.7 | Medium | 2023-01-28 |
| CVE-2022-39362 | Metabase vulnerable to arbitrary SQL execution from queryhash | metabase | CWE-356 | 8.8 | High | 2022-10-26 |
| CVE-2022-39361 | Metabase vulnerable to Remote Code Execution via H2 | metabase | CWE-20 | 8.8 | High | 2022-10-26 |
| CVE-2022-39360 | Metabase SSO users able to circumvent IdP login by doing password reset | metabase | CWE-304 | 6.5 | Medium | 2022-10-26 |
| CVE-2022-39359 | Metabase's GeoJSON validation doesn't prevent redirects to blocked URLs | metabase | CWE-200 | 6.5 | Medium | 2022-10-26 |
| CVE-2022-39358 | Metabase vulnerable to circumvention of Locked parameter in Signed Embedding | metabase | CWE-200 | 6.5 | Medium | 2022-10-26 |
| CVE-2022-24853 | File system exposure in Metabase | metabase | CWE-200 | 5.9 | Medium | 2022-04-14 |
| CVE-2022-24854 | Database bypassing any permissions in Metabase via SQLite attach | metabase | CWE-610 | 8.0 | High | 2022-04-14 |
| CVE-2022-24855 | XSS vulnerability in Metabase | metabase | CWE-79 | 8.7 | High | 2022-04-14 |
| CVE-2021-41277 | GeoJSON URL validation can expose server files and environment variables to unauthorized users | metabase | CWE-200 | 10.0 | Critical | 2021-11-17 |

Scores and severities marked "(AI)" are shown on the source page with an AI tag rather than as published CVSS values.

This page lists every published CVE security advisory associated with metabase. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.