Vulnerabilities > Metabase
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-26 | CVE-2022-43776 | Server-Side Request Forgery (SSRF) vulnerability in Metabase The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. | 6.5 |
2022-04-14 | CVE-2022-24853 | Information Exposure vulnerability in Metabase Metabase is an open source business intelligence and analytics application. | 5.3 |
2022-04-14 | CVE-2022-24854 | Unspecified vulnerability in Metabase Metabase is an open source business intelligence and analytics application. | 8.8 |
2022-04-14 | CVE-2022-24855 | Unspecified vulnerability in Metabase Metabase is an open source business intelligence and analytics application. | 5.4 |
2021-11-17 | CVE-2021-41277 | Path Traversal vulnerability in Metabase Metabase is an open source data analytics platform. | 7.5 |
2018-11-15 | CVE-2018-0697 | Cross-site Scripting vulnerability in Metabase Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |