Open-metadata Openmetadata — known CVE vulnerabilities
Every CVE whose affected-product data names Open-metadata Openmetadata, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2024-28255 — CVSS 9.8 (critical): OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage…
CVE-2024-28253 — CVSS 9.4 (critical): OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage…
CVE-2024-28254 — CVSS 8.8 (high): OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage…
CVE-2024-28847 — CVSS 8.8 (high): OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage…
CVE-2024-28848 — CVSS 8.8 (high): OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage…
CVE-2026-26010 — CVSS 7.6 (high): OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by…
CVE-2026-22244 — CVSS 7.2 (high): OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template…
CVE-2025-50465 — CVSS 7.1 (high): OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the…
CVE-2025-50466 — CVSS 7.1 (high): OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the…
CVE-2024-55238 — CVSS 7.1 (high): OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the…
CVE-2025-50467 — CVSS 6.5 (medium): OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the…
CVE-2025-50468 — CVSS 6.5 (medium): OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the…