Known Vulnerabilities for products from Metabase

Listed below are 18 of the newest known vulnerabilities associated with the vendor "Metabase".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-33725 json Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.2... Not Provided 2026-03-27 2026-04-01
CVE-2026-22805 json Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow... Not Provided 2026-01-12 2026-04-10
CVE-2023-38646 json Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on... 9.8 - CRITICAL 2023-07-21 2023-08-09
CVE-2023-37470 json Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46... 9.8 - CRITICAL 2023-08-04 2023-08-09
CVE-2023-32680 json Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at ... 9.6 - CRITICAL 2023-05-18 2023-05-26
CVE-2023-23629 json Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intend... 6.3 - MEDIUM 2023-01-28 2023-11-07
CVE-2023-23628 json Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an ... 4.1 - MEDIUM 2023-01-28 2023-11-07
CVE-2022-43776 json The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery ... 6.5 - MEDIUM 2022-10-26 2022-10-28
CVE-2022-39362 json Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9... 8.8 - HIGH 2022-10-26 2022-10-28
CVE-2022-39361 json Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9... 8.8 - HIGH 2022-10-26 2022-10-28
CVE-2022-39360 json Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9... 6.5 - MEDIUM 2022-10-26 2022-10-28
CVE-2022-39359 json Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9... 6.5 - MEDIUM 2022-10-26 2022-10-28
CVE-2022-39358 json Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, and 1.42.6, it was possibl... 6.5 - MEDIUM 2022-10-26 2022-10-28
CVE-2022-24855 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 5.4 - MEDIUM 2022-04-14 2022-04-22
CVE-2022-24854 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 8.8 - HIGH 2022-04-14 2022-04-22
CVE-2022-24853 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 5.3 - MEDIUM 2022-04-14 2022-04-22
CVE-2021-41277 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 7.5 - HIGH 2021-11-17 2023-11-07
CVE-2018-0697 json Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web scr... 6.1 - MEDIUM 2018-11-15 2018-12-17

Known software with vulnerabilities from Metabase

Type Vendor Product Version
ApplicationMetabaseMetabase0.10.0