📦 Metabase

CVE-2023-37470 is a critical remote code execution vulnerability in Metabase that allows attackers to execute arbitrary code on the server by injecting malicious commands into H2 database connection s...

CVE-2023-38646 is a critical remote code execution vulnerability in Metabase that allows unauthenticated attackers to execute arbitrary commands on the server with the server's privilege level. This a...

This vulnerability in Metabase allows attackers to exploit the custom GeoJSON map feature to perform local file inclusion attacks. By submitting malicious URLs that aren't validated, attackers can rea...

This vulnerability allows authenticated users in Metabase to extract sensitive information including database credentials via template evaluation in email notifications. It affects Metabase instances ...

This vulnerability in Metabase allows attackers with SQL permissions on one SQLite database to attach and query across multiple SQLite databases if they know the file paths. Only Metabase users utiliz...

In Metabase Enterprise Edition, users with impersonation permissions can access cached query results from other users, potentially viewing data they shouldn't have permission to see. This affects Ente...