Datahub-project Datahub
13 CVEs affecting Datahub-project Datahub. Latest disclosed: 2026-05-14. Critical: 1, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-39366 | Critical | 9.9 | 2022-10-28 | DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the sig… |
| CVE-2023-25559 | High | 8.2 | 2023-02-10 | DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (… |
| CVE-2023-25560 | High | 8.2 | 2023-02-10 | DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or… |
| CVE-2026-25644 | High | 7.5 | 2026-02-06 | DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue… |
| CVE-2024-22409 | High | 7.5 | 2024-01-16 | DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile… |
| CVE-2023-25557 | High | 7.5 | 2023-02-10 | DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this… |
| CVE-2023-25558 | High | 7.5 | 2023-02-10 | DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processin… |
| CVE-2023-47629 | High | 7.1 | 2023-11-14 | DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged… |
| CVE-2023-25562 | Medium | 6.9 | 2023-02-10 | DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 Session cookies are only cleared on new sign-in events and not on logout ev… |
| CVE-2023-47640 | Medium | 6.4 | 2023-11-14 | DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key… |
| CVE-2023-25561 | Medium | 5.7 | 2023-02-10 | DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system… |
| CVE-2026-44501 | Medium | 4.3 | 2026-05-14 | DataHub is an open-source metadata platform. Prior to 1.5.0.3, the DataHub frontend (datahub-frontend-react) deserializes attacker-controlled Java objects from… |
| CVE-2023-47628 | Medium | 4.2 | 2023-11-14 | DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do… |