12 matches found
CVE-2020-12725
Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Other connectors may also be affected. The SSRF is potent and gives the attacker a lot of flexibility in crafting HTTP requests, e.g., by adding...
EUVD-2021-30685
Malicious code in bioql PyPI...
CVE-2025-5874
A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to a sandbox issue. The complexity of an attack is rather high. The...
CVE-2025-5874 Redash getattr python.py run_query sandbox
A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to a sandbox issue. The complexity of an attack is rather high. The...
CVE-2025-5874
CVE-2025-5874 affects Redash, up to versions 10.1.0/25.1.0, via the getattr Handler’s run_query function in /query_runner/python.py, causing a sandbox issue. The exploitability is reported as high complexity with public PoC evidence; exploitation maturity is noted as proof-of-concept. The vendor ...
PT-2025-24425 · Redash · Redash
Name of the Vulnerable Software and Affected Versions: Redash versions up to 10.1.0/25.1.0 Description: A critical issue affects the run_query function of the /query_runner/python.py file in the getattr Handler component, leading to a sandbox issue. The exploit has been disclosed publicly and may...
CVE-2021-43780
Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server-Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...
CVE-2021-43777
Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login via OAuth incorrectly uses the state parameter to carry the "next" URL the user is redirected to after login. The state parameter should instead be used for a Cross-Site Request Forgery...
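The entry above describes the OAuth `state` parameter being used to carry the post-login destination instead of a CSRF token, which makes the redirect target attacker-choosable and leaves the callback unbound to the user's session. The following is an added example (not Redash's own code) showing that bug pattern beside the hardened flow: a random `state` bound to a server-side session, with the destination stored server-side and restricted to a same-site path. `session` is a plain dict standing in for a session store, and all function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Added example, not Redash's own code. `session` is a plain dict standing in
# for a server-side session store; the function names are hypothetical.


def is_safe_next_path(next_url: str) -> bool:
    """Accept only a same-site relative path: must start with a single '/',
    must not be protocol-relative ('//host'), must carry no scheme or host."""
    if not next_url or not next_url.startswith("/") or next_url.startswith("//"):
        return False
    if "\\" in next_url:  # browsers normalise '/\evil' to '//evil'
        return False
    parts = urlsplit(next_url)
    return parts.scheme == "" and parts.netloc == ""


# --- bug pattern as described for CVE-2021-43777 -------------------------
def vulnerable_begin_login(next_url: str) -> str:
    # The destination itself is sent as `state`: attacker-choosable and not
    # bound to the session, so it is neither a CSRF token nor a safe redirect.
    return next_url


def vulnerable_finish_login(returned_state: str) -> str:
    # Whatever comes back in `state` becomes the redirect target.
    return returned_state


# --- hardened pattern -----------------------------------------------------
def begin_login(session: dict, next_url: str) -> str:
    """Return the `state` to send in the authorization request: a random
    value bound to the session. The destination is stored server-side."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    session["oauth_next"] = next_url if is_safe_next_path(next_url) else "/"
    return state


def finish_login(session: dict, returned_state: str) -> str:
    """Check the callback's `state` against the session (single use) and
    return the stored redirect path; raise on mismatch."""
    expected = session.pop("oauth_state", None)
    next_path = session.pop("oauth_next", "/")
    if expected is None or not hmac.compare_digest(
        expected.encode(), returned_state.encode()
    ):
        raise ValueError("OAuth state mismatch (login CSRF or replay)")
    return next_path


def callback_accepted(session: dict, returned_state: str) -> bool:
    try:
        finish_login(session, returned_state)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Run both flows against constructed sessions and return the outcomes."""
    session = {}
    state = begin_login(session, "/queries/3")
    good = finish_login(session, state)
    session = {}
    state = begin_login(session, "https://evil.example/")
    sanitised = finish_login(session, state)  # off-site target replaced by "/"
    session = {}
    begin_login(session, "/queries/3")
    forged = callback_accepted(session, "forged-state")
    return {
        "vulnerable_redirect": vulnerable_finish_login(
            vulnerable_begin_login("https://evil.example/")
        ),
        "good": good,
        "sanitised": sanitised,
        "forged_accepted": forged,
    }


if __name__ == "__main__":
    print(demo())
```

The `state` is popped on first use so a callback cannot be replayed, and the comparison is constant-time. Keeping the destination server-side, keyed by the session rather than echoed through the identity provider, is what removes the open-redirect half of the problem; the random `state` removes the login-CSRF half.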
CVE-2020-36144
Redash 8.0.0 is affected by LDAP injection. Information can be leaked by crafting special queries that escape the provided filter template, since the username included in the LDAP search filter is not sanitized...
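The entry above turns on one detail: a username interpolated into an LDAP search filter without escaping can change the filter's structure. The following is an added example (not Redash's own code) that shows the vulnerable interpolation beside RFC 4515 escaping, plus two small checks that make the structural difference visible. The filter template, the attacker inputs and the function names are constructed for the example.

```python
# Added example, not Redash's own code: how an unescaped username changes the
# structure of an LDAP search filter, and the RFC 4515 escaping that prevents it.
# FILTER_TEMPLATE is a hypothetical stand-in for a configurable search filter.

FILTER_TEMPLATE = "(&(objectClass=person)(uid=%s))"


def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 section 3.

    '\\', '*', '(', ')' and NUL become a backslash plus two hex digits, so
    they can no longer act as filter syntax.
    """
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def vulnerable_filter(username: str) -> str:
    # Bug pattern described in CVE-2020-36144: the raw username is interpolated.
    return FILTER_TEMPLATE % username


def hardened_filter(username: str) -> str:
    return FILTER_TEMPLATE % escape_filter_value(username)


def count_assertions(flt: str) -> int:
    """Count '(attr=value)' assertions in a filter string.

    Skips '\\XX' escape sequences; a '(' not followed by one of the
    operators & | ! opens an assertion.
    """
    n, i = 0, 0
    while i < len(flt):
        if flt[i] == "\\":
            i += 3  # backslash + two hex digits
            continue
        if flt[i] == "(" and i + 1 < len(flt) and flt[i + 1] not in "&|!":
            n += 1
        i += 1
    return n


def has_unescaped_wildcard(flt: str) -> bool:
    """True if a literal '*' appears outside an escape sequence: an
    attacker-supplied '*' turns an equality match into a presence match."""
    i = 0
    while i < len(flt):
        if flt[i] == "\\":
            i += 3
            continue
        if flt[i] == "*":
            return True
        i += 1
    return False


# Constructed attacker inputs (not taken from the advisory).
INJECT_OR = "admin)(|(uid=*)(uid=admin"   # injects an OR branch that matches everyone
INJECT_WILDCARD = "*"                      # presence match on uid

if __name__ == "__main__":
    for name in (INJECT_OR, INJECT_WILDCARD):
        for label, flt in (("vulnerable", vulnerable_filter(name)),
                           ("hardened  ", hardened_filter(name))):
            print(label, flt, "assertions:", count_assertions(flt),
                  "wildcard:", has_unescaped_wildcard(flt))
```

With `INJECT_OR` the vulnerable filter stays syntactically valid but grows from two assertions to four, which is exactly what lets a crafted username pull back entries the template never intended to match; the escaped form keeps the whole input inside the `uid=` value. Production code should use the escaping helper of its LDAP library (ldap3 and python-ldap both ship one) rather than a hand-rolled copy.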
Redash security vulnerability
Redash is a data integration and analysis solution from the Israeli company Redash. The product supports data integration, data visualization, query editing, and data sharing. Redash 10.0.0 and earlier versions contain a security vulnerability that could be exploited by an attacker to spoof sessio...
PT-2021-23928 · Redash · Redash
Name of the Vulnerable Software and Affected Versions: Redash versions 10.0 and prior Description: Redash is a package for data visualization and sharing. The implementation of URL-loading data sources like JSON, CSV, or Excel in versions 10.0 and prior is vulnerable to advanced methods of Server...
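The SSRF entries on this page (CVE-2020-12725 via the JSON data source, and CVE-2021-43780 / PT-2021-23928 via the URL-loading JSON, CSV and Excel sources) share one root cause: the server fetches a URL the user supplies. The following is an added example (not Redash's own code) of the check a practitioner would put in front of such a fetch: it allows only http/https, rejects embedded credentials, resolves the host, refuses any non-public answer, and returns a single pinned IP for the client to connect to. The DNS answers, hostnames and function names are constructed for the example, and the resolver is injectable so the check runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Added example, not Redash's own code: validating a user-supplied data-source
# URL before the server fetches it. Names are hypothetical; `resolve` is
# injectable so the check can be exercised offline.

ALLOWED_SCHEMES = {"http", "https"}


def system_resolve(host: str) -> list:
    """Every address the system resolver returns for `host`."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) before classifying.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global excludes loopback, RFC 1918, link-local (incl. 169.254.169.254),
    # unspecified and reserved ranges; multicast is excluded separately.
    return ip.is_global and not ip.is_multicast


def pin_public_target(url: str, resolve=system_resolve) -> str:
    """Validate `url` and return the one IP the HTTP client must connect to.

    Raises ValueError for anything that could reach an internal service.
    The caller connects to the returned IP (sending the original Host header)
    instead of resolving again, so a DNS answer that changes between check
    and use (rebinding) gains nothing.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError("scheme not allowed: %r" % parts.scheme)
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        ipaddress.ip_address(host)
        addrs = [host]  # literal address: no lookup needed
    except ValueError:
        addrs = resolve(host)
    if not addrs:
        raise ValueError("host does not resolve: %r" % host)
    for addr in addrs:  # reject if ANY answer is non-public
        if not is_public_address(addr):
            raise ValueError("%s resolves to non-public address %s" % (host, addr))
    return addrs[0]


def is_allowed(url: str, resolve=system_resolve) -> bool:
    try:
        pin_public_target(url, resolve)
        return True
    except ValueError:
        return False


# Constructed DNS answers for offline use (not real hosts).
FAKE_DNS = {
    "api.example": ["93.184.216.34"],
    "rebind.example": ["93.184.216.34", "127.0.0.1"],  # split/rebinding answer
    "metadata.example": ["169.254.169.254"],          # cloud metadata endpoint
}


def constructed_resolve(host: str) -> list:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ("https://api.example/feed.json", "https://rebind.example/x",
              "http://metadata.example/latest/", "http://127.0.0.1:5000/",
              "http://[::ffff:10.0.0.1]/", "file:///etc/passwd",
              "http://u:p@api.example/"):
        print(u, "->", is_allowed(u, constructed_resolve))
```

Two caveats matter in practice. First, the HTTP client must not follow redirects on its own; each `Location` it receives has to go back through `pin_public_target`, because a public host redirecting to `http://169.254.169.254/` is the classic way past a check that only looks at the first URL. Second, the pinned IP is only a defence if the client really connects to it; resolving the name a second time inside the HTTP library reopens the rebinding window.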