metabase Summary
Latest vulnerabilities published by metabase
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Inefficient Regular Expression Complexity in Metabase's parseDataUri Function
CVE-2025-5895MetabaseMetabaseπΎπ‘5.3MEDIUMInsufficient Connection Purge in Metabase for Snowflake Integration
CVE-2025-32382MetabaseMetabase1.8LOWLocal Link Access Protection Circumvention in Metabase by Metabase Inc.
CVE-2025-30371MetabaseMetabase2.1LOWData Exposure in Metabase Enterprise Edition Affects User Permissions
CVE-2025-27141MetabaseMetabase4.8MEDIUMData Exposure Flaw in Metabase Open-Source Analytics Platform
CVE-2024-55951MetabaseMetabase vulnerable to remote code execution via POST /api/setup/validate API endpoint
CVE-2023-37470MetabaseMetabase10CRITICALRemote Code Execution Vulnerability in Metabase by Metabase
CVE-2023-38646MetabaseMetabaseπΎπ‘EPSS 94%9.8CRITICALMissing SQL permissions check in metabase
CVE-2023-32680MetabaseMetabase5.8MEDIUMMetabase subject to Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-23628MetabaseMetabase5.7MEDIUMMetabase subject to Improper Privilege Management
CVE-2023-23629MetabaseMetabase6.3MEDIUMMetabase vulnerable to circumvention of Locked parameter in Signed Embedding
CVE-2022-39358MetabaseMetabase6.5MEDIUMMetabase's GeoJSON validation doesn't prevent redirects to blocked URLs
CVE-2022-39359MetabaseMetabase6.5MEDIUMMetabase SSO users able to circumvent IdP login by doing password reset
CVE-2022-39360MetabaseMetabase6.5MEDIUMMetabase vulnerable to Remote Code Execution via H2
CVE-2022-39361MetabaseMetabase8.8HIGHMetabase vulnerable to arbitrary SQL execution from queryhash
CVE-2022-39362MetabaseMetabase8.8HIGHServer Side Request Forgery in Metabase API Endpoint
CVE-2022-43776MetabaseMetabase6.5MEDIUMFile system exposure in Metabase
CVE-2022-24853MetabaseMetabaseπΎπ‘5.9MEDIUMDatabase bypassing any permissions in Metabase via SQlite attach
CVE-2022-24854MetabaseMetabase8HIGHXSS vulnerability in Metabase
CVE-2022-24855MetabaseMetabase8.7HIGHGeoJSON URL validation can expose server files and environment variables to unauthorized users
CVE-2021-41277MetabaseMetabaseπΎπ‘EPSS 94%π¦ 7.5HIGHCross-Site Scripting Vulnerability in Metabase by Metabase
CVE-2018-0697Metabase, Inc.Metabase6.1MEDIUM
9 June 2025
10 April 2025
28 March 2025
24 February 2025
16 December 2024
4 August 2023
21 July 2023
18 May 2023
28 January 2023
26 October 2022
14 April 2022
17 November 2021
15 November 2018
No more vulnerabilities to load.