Dataease Security Vulnerabilities (CVEs)

Track 37 security vulnerabilities affecting Dataease products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

24 Critical
12 High
1 Medium
CVE-2026-23958 9.8

Dataease versions before 2.10.19 use MD5-hashed passwords as JWT signing secrets, allowing attackers to brute-force admin passwords via unmonitored AP...

Jan 22, 2026
CVE-2025-64428 9.8

This CVE describes a JNDI injection vulnerability in Dataease, an open-source data visualization tool. Attackers can exploit this to execute arbitrary...

Nov 20, 2025
CVE-2025-62419 7.5

This CVE describes a JDBC URL injection vulnerability in DataEase data visualization platform. Attackers can inject malicious JDBC strings through the...

Oct 17, 2025
CVE-2025-62420 8.8

This vulnerability allows authenticated attackers to bypass JDBC driver restrictions in DataEase by providing a malicious jdbcUrl parameter. Attackers...

Oct 17, 2025
CVE-2025-62422 8.8

CVE-2025-62422 is a SQL injection vulnerability in DataEase's /de2api/datasetData/tableField interface that allows attackers to execute arbitrary SQL ...

Oct 17, 2025
CVE-2025-58748 9.8

This vulnerability allows remote code execution in Dataease by exploiting improper JDBC URL validation in the H2 data source implementation. Attackers...

Sep 15, 2025
CVE-2025-58045 9.8

This vulnerability in Dataease allows attackers to exploit the DB2 JDBC connection string to trigger server-side request forgery (SSRF) attacks. In Da...

Sep 15, 2025
CVE-2025-57772 9.8

This vulnerability allows remote code execution in DataEase BI tools through a JDBC URL bypass. Attackers can exploit a flaw in H2 database driver fil...

Aug 25, 2025
CVE-2025-53006 9.8

This vulnerability in DataEase allows attackers to exploit SSL/TLS connection parameters to potentially execute arbitrary code or bypass security cont...

Jul 2, 2025
CVE-2025-53005 9.8

This vulnerability allows attackers to bypass security controls in DataEase's PostgreSQL data source JDBC connection parameters by manipulating sslfac...

Jul 1, 2025
CVE-2025-53004 9.8

This vulnerability allows attackers to bypass security controls in DataEase's Redshift JDBC connection parameters via the sslfactory and sslfactoryarg...

Jun 30, 2025
CVE-2025-49003 9.8

This vulnerability allows remote code execution in DataEase by exploiting Java's character conversion behavior where 'ı' becomes 'I' and 'ſ' becomes...

Jun 26, 2025
CVE-2025-48999 8.8

This vulnerability allows attackers to bypass a previous security patch (CVE-2025-46566) in DataEase, enabling them to construct malicious JDBC statem...

Jun 3, 2025
CVE-2025-49001 9.8

CVE-2025-49001 is a critical authentication bypass vulnerability in DataEase where JWT token secret verification fails, allowing attackers to forge va...

Jun 3, 2025
CVE-2025-48998 8.8

This vulnerability allows authenticated users in DataEase to bypass a previous patch and read/deserialize arbitrary files through the background JDBC ...

Jun 3, 2025
CVE-2025-46566 9.8

This vulnerability allows authenticated users of DataEase to achieve remote code execution through the backend JDBC link functionality. It affects all...

May 1, 2025
CVE-2025-32966 9.8

DataEase versions before 2.10.8 contain a vulnerability where authenticated users can achieve remote code execution through the backend JDBC connectio...

Apr 23, 2025
CVE-2025-27138 9.8

This vulnerability allows attackers to bypass authentication in DataEase, potentially gaining unauthorized access to sensitive business intelligence d...

Mar 13, 2025
CVE-2025-27103 6.5

This vulnerability allows authenticated users in DataEase to bypass a previous security patch and read/deserialize arbitrary files through the backgro...

Mar 13, 2025
CVE-2024-57707 9.8

This vulnerability allows remote attackers to execute arbitrary code on DataEase v1 systems by exploiting the user account and password components. At...

Feb 7, 2025
CVE-2024-56511 9.8

This vulnerability allows attackers to bypass authentication in DataEase by exploiting a path traversal flaw in the whitelist validation logic. When t...

Jan 10, 2025
CVE-2024-55953 8.1

This vulnerability in DataEase allows authenticated users to read and deserialize arbitrary files through JDBC connection parameters. Attackers can ex...

Dec 18, 2024
CVE-2024-52295 9.8

CVE-2024-52295 is a critical authentication bypass vulnerability in DataEase where attackers can forge JWT tokens due to hardcoded secrets and identif...

Nov 13, 2024
CVE-2024-47073 9.1

This vulnerability allows attackers to forge JWT tokens due to missing signature verification in DataEase. Attackers can gain unauthorized access to a...

Nov 7, 2024
CVE-2024-47074 9.8

This vulnerability in DataEase allows attackers to execute arbitrary system commands by exploiting PostgreSQL JDBC deserialization through unfiltered ...

Oct 11, 2024
CVE-2024-46985 7.5

DataEase versions before 2.10.1 contain an XML external entity injection (XXE) vulnerability in the static resource upload interface. This allows atta...

Sep 23, 2024
CVE-2024-46997 9.8

This vulnerability allows remote attackers to execute arbitrary commands on DataEase servers by crafting malicious H2 database connection strings. Any...

Sep 23, 2024
CVE-2024-23328 9.1

This CVE describes a deserialization vulnerability in Dataease's MySQL datasource component that allows attackers to bypass JDBC attack blacklists. Su...

Feb 29, 2024
CVE-2023-40183 7.5

This vulnerability in DataEase allows attackers to upload malicious files disguised as images that can steal user cookies when accessed. It affects al...

Sep 21, 2023
CVE-2023-37258 8.8

DataEase versions before 1.18.9 contain a SQL injection vulnerability that bypasses blacklist protections, allowing attackers to execute arbitrary SQL...

Jul 25, 2023
CVE-2023-33963 9.8

This CVE describes a deserialization vulnerability in DataEase, an open source data visualization tool, that allows remote attackers to execute arbitr...

Jun 1, 2023
CVE-2023-28637 8.0

CVE-2023-28637 is a remote code execution vulnerability in DataEase's AWS Redshift data source due to insufficient input sanitization. Attackers can e...

Mar 28, 2023
CVE-2023-28437 9.8

CVE-2023-28437 is a SQL injection vulnerability in Dataease open source data visualization tool caused by incomplete SQL injection blacklist protectio...

Mar 25, 2023
CVE-2021-38239 7.5

This SQL injection vulnerability in DataEase allows attackers to extract sensitive database information by manipulating the orders parameter in API re...

Feb 15, 2023
CVE-2022-34113 9.8

This vulnerability allows attackers to upload malicious plugins to Dataease v1.11.1 via the /api/plugin/upload endpoint, leading to remote code execut...

Jul 22, 2022
CVE-2022-34115 9.8

DataEase v1.11.1 contains an arbitrary file write vulnerability via the dataSourceId parameter. This allows attackers to write arbitrary files to the ...

Jul 22, 2022
CVE-2022-23331 8.8

In DataEase v1.6.1, an authenticated user can exploit a vulnerability to access all user information and change administrator passwords. This affects ...

Feb 8, 2022

Why Monitor Dataease Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 37+ known vulnerabilities affecting Dataease products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Dataease packages in under 60 seconds. No agents required - completely agentless scanning that works across Dataease deployments.

Free vulnerability database: Access detailed information about every Dataease CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
