CRITICAL9.8CVE-2023-41887OpenRefine Remote Code execution in project import with mysql jdbc url attack from 0, < 3.6.2-2+deb12u2
HIGH8.1CVE-2024-47881OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE) from 0, < 3.6.2-2+deb12u3
HIGH8.1CVE-2024-47880OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand from 0, < 3.6.2-2+deb12u3
HIGH8.1OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)
from 0, < 3.6.2-2+deb12u3
HIGH7.6OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)
from 0
HIGH7.5OpenRefine vulnerable to arbitrary file read in project import with mysql jdbc url attack
from 0, < 3.6.2-2+deb12u2
HIGH7.3OpenRefine JDBC Attack Vulnerability
from 0, < 3.6.2-2+deb12u3
HIGH7.1OpenRefine has a path traversal in LoadLanguageCommand
from 0, < 3.6.2-2+deb12u3
MEDIUM6.5OpenRefine Server-Side Request Forgery vulnerability
from 0, < 3.6.1-1
MEDIUM5.9OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project
from 0, < 3.6.2-2+deb12u3
MEDIUM5.5OpenRefine vulnerable to zip slip in project import
from 0, < 3.6.2-2+deb12u1