Security Advisories · datahub-project/datahub · GitHub

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

DataHub OIDC REDIRECT_URL Cookie Deserialization Vulnerability
GHSA-rjf9-p49v-42c4 published Apr 30, 2026 by RyanHolstien

Moderate
Open Redirect Vulnerability in DataHub (redirect_uri)
GHSA-3p57-xxv6-6wqp published May 19, 2026 by david-leifker

Moderate
Open Redirect Vulnerability in DataHub (BasePathRedirectFilter)
GHSA-phm8-vwjg-f442 published Feb 20, 2026 by david-leifker

Moderate
LDAP Ingestion Source vulnerable to MITM attack through TLS downgrade
GHSA-j34h-x7qg-4qw5 published Feb 4, 2026 by RyanHolstien

High
Stored XSS - UI v1 Sidebar Description
GHSA-8v62-ch9g-mvw9 published May 29, 2025 by david-leifker

Low
false positives: datahub-java dependencies
GHSA-8cr6-69rq-2mj8 published Sep 20, 2024 by david-leifker

Low
false positive: datahub-web-react dependencies
GHSA-grf6-rh4c-p2p6 published Sep 20, 2024 by david-leifker

Low
Privilege escalation through email sign-up
GHSA-vj59-23ww-p6c8 published Nov 13, 2023 by david-leifker

High
Default Privileges allow for high level operations for low privileged users
GHSA-x3v6-r479-m4xv published Jan 10, 2024 by RyanHolstien

High
CLI Debug Logs contain Sensitive information
GHSA-g8pc-2p86-8x73 published Nov 13, 2023 by david-leifker

Low