Filter
-Infinity
0

Trending

Last week
Last month
Last year

MetabaseMetabase vulnerable to circumvention of local link access protection in GeoJson endpoint

low
2.1
EPSS
0.04%
First published (updated )
CVE-2025-30371

MetabaseMetabase Enterprise Edition allows cached questions to leak data to impersonated users

medium
6.5
EPSS
0.03%
First published (updated )
CVE-2025-27141

MetabaseMetabase sandboxed users could see filter values from other sandboxed users

medium
4.8
First published (updated )
CVE-2024-55951

MetabaseMetabase vulnerable to remote code execution via POST /api/setup/validate API endpoint

critical
10
First published (updated )
CVE-2023-37470

MetabaseMetabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to exec…

critical
9.8
First published (updated )
CVE-2023-38646

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

MetabaseMissing SQL permissions check in metabase

critical
9.6
First published (updated )
CVE-2023-32680

MetabaseMetabase subject to Improper Privilege Management

medium
6.3
First published (updated )
CVE-2023-23629

MetabaseMetabase subject to Exposure of Sensitive Information to an Unauthorized Actor

medium
5.7
First published (updated )
CVE-2023-23628

MetabaseSSRF

medium
6.5
First published (updated )
CVE-2022-43776

MetabaseMetabase vulnerable to circumvention of Locked parameter in Signed Embedding

medium
6.5
First published (updated )
CVE-2022-39358

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

MetabaseMetabase's GeoJSON validation doesn't prevent redirects to blocked URLs

medium
6.5
First published (updated )
CVE-2022-39359

MetabaseMetabase SSO users able to circumvent IdP login by doing password reset

medium
6.5
First published (updated )
CVE-2022-39360

MetabaseMetabase vulnerable to Remote Code Execution via H2

high
8.8
First published (updated )
CVE-2022-39361

MetabaseMetabase vulnerable to arbitrary SQL execution from queryhash

high
8.8
First published (updated )
CVE-2022-39362

MetabaseFile system exposure in Metabase

medium
5.9
First published (updated )
CVE-2022-24853

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

MetabaseDatabase bypassing any permissions in Metabase via SQlite attach

high
8.8
First published (updated )
CVE-2022-24854

MetabaseXSS vulnerability in Metabase

high
8.7
First published (updated )
CVE-2022-24855

MetabaseMetabase GeoJSON API Local File Inclusion Vulnerability

critical
10
Exploited
First published (updated )
CVE-2021-41277

MetabaseXSS

medium
6.1
First published (updated )
CVE-2018-0697

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203