org.open-metadata:openmetadata-service (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.open-metadata:openmetadata-service, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2024-28253 — CVSS 9.4 (critical): OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage…
CVE-2024-28847 — CVSS 8.8 (high): OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage…
CVE-2024-28848 — CVSS 8.8 (high): OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage…
CVE-2026-46481 — CVSS 8.3 (high): OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a…
CVE-2024-55238 — CVSS 7.1 (high): OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the…