Open-metadata Openmetadata
7 CVEs affecting Open-metadata Openmetadata. Latest disclosed: 2026-02-11. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-28255 | Critical | 9.8 | 2024-03-15 | OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team c… |
CVE-2024-28253 | Critical | 9.4 | 2024-03-15 | OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team c… |
CVE-2024-28848 | High | 8.8 | 2024-03-15 | OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team c… |
CVE-2024-28847 | High | 8.8 | 2024-03-15 | OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team c… |
CVE-2024-28254 | High | 8.8 | 2024-03-15 | OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team c… |
CVE-2026-26010 | High | 7.6 | 2026-02-11 | OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for cer… |
CVE-2026-22244 | | 2026-01-08 | OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in Free… |