
metabase

21 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-33725
Affected versions: < 1.54.22
Severity: 7.2 HIGH
Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.

CVE-2026-27464
Affected versions: < 0.57.13
Severity: 7.7 HIGH
Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated

CVE-2026-22805
Affected versions: < 0.55.13
Severity: 8.6 HIGH
Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow user

CVE-2025-5895
Affected versions: all versions
Severity: 4.3 MEDIUM
A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the

CVE-2025-27141
Affected versions: >= 1.47.0 and < 1.50.36
Severity: 6.5 MEDIUM
Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in v

CVE-2023-37470
Affected versions: < 0.43.7.3
Severity: 10.0 CRITICAL
Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4,

CVE-2023-38646
Affected versions: < 0.43.7.2
Severity: 9.8 CRITICAL
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the

CVE-2023-32680
Affected versions: < 0.44.7
Severity: 5.8 MEDIUM
Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least

CVE-2023-23629
Affected versions: < 0.43.7.1
Severity: 6.3 MEDIUM
Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, r

CVE-2023-23628
Affected versions: < 0.43.7.1
Severity: 5.7 MEDIUM
Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unaut

CVE-2022-39362
Affected versions: >= 0.41.0 and < 0.41.9
Severity: 8.8 HIGH
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, uns

CVE-2022-39361
Affected versions: >= 0.41.0 and < 0.41.9
Severity: 8.8 HIGH
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2

CVE-2022-39360
Affected versions: >= 0.41.0 and < 0.41.9
Severity: 6.5 MEDIUM
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9 sing

CVE-2022-39359
Affected versions: >= 0.41.0 and < 0.41.9
Severity: 6.5 MEDIUM
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, cus

CVE-2022-39358
Affected versions: >= 0.42.0 and < 0.42.6
Severity: 6.5 MEDIUM
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possible to

CVE-2022-43776
Affected versions: < 0.44.5
Severity: 6.5 MEDIUM
The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attac

CVE-2022-24855
Affected versions: >= 0.40.0 and < 0.40.8
Severity: 8.7 HIGH
Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal d

CVE-2022-24854
Affected versions: >= 0.41.0 and < 0.41.7
Severity: 8.0 HIGH
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE

CVE-2022-24853
Affected versions: >= 0.40.0 and < 0.40.8
Severity: 5.9 MEDIUM
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON m

CVE-2021-41277
Affected versions: all versions
Severity: 10.0 CRITICAL
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJ

CVE-2018-0697
Affected versions: <= 0.29.3
Severity: 6.1 MEDIUM
Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script o
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin