18 matches found
BIT-SUPERSET-2025-55675 Apache Superset: Incorrect datasource authorization on REST API
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can...
BIT-SUPERSET-2025-55672 Apache Superset: Stored XSS on charts metadata
A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...
CVE-2025-55674
A bypass of the `DISALLOWED_SQL_FUNCTIONS` security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...
GHSA-FJ97-2V9X-W5M4 Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability
A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...
GHSA-FXGF-3XH6-M2PP Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions
A bypass of the `DISALLOWED_SQL_FUNCTIONS` security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...
Missing Authorization
Overview: apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Missing Authorization via the /explore endpoint due to a missing authorization check. An attacker can obtain sensitive metadata about datasources by...
CVE-2025-55675
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can...
CVE-2025-55675
CVE-2025-55675 — Apache Superset: There is an improper access control on the /explore endpoint. An authenticated user can enumerate metadata for datasources they lack permission to access by iterating datasource_id in the URL, leading to potential disclosure of protected datasource names. Affect...
CVE-2025-55674 Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions
A bypass of the `DISALLOWED_SQL_FUNCTIONS` security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...
CVE-2025-55672
Summary: Apache Superset has a stored XSS in the chart visualization. An authenticated user with chart-edit permissions can inject a payload into a column label, which is executed in victims’ browsers on hover. This affects versions before 5.0.0 and can lead to session hijacking or arbitrary comm...
PT-2025-33271 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 5.0.0. Description: A stored Cross-Site Scripting (XSS) issue exists in the chart visualization feature. An authenticated user with chart editing permissions can inject a malicious payload into a column's label...
Missing Encryption of Sensitive Data
Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to insecure communication between the FRP client and server when the share option is set to true. An attack...
Resources Downloaded over Insecure Protocol
Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol due to the lack of integrity checking on the downloaded FRP client. An attacker can introduce malicious...
CVE-2024-28100 Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw
eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a li...
PT-2023-10331 · Salesforce · Salesforcemobilesdk-Windows
Name of the Vulnerable Software and Affected Versions: SalesforceMobileSDK-Windows versions up to 4.x. Description: A critical issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs, leading to SQL injection. This issue only affects products that are no...
Remote Code Execution (RCE)
Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE). This can occur when used with untrusted input, due to unsafe PAC file handling. In order to exploit this vulnerability in practice, this either requires an attacker on your local network, a specific vulnerable...
Arbitrary Code Execution
Overview: node-rules is a lightweight forward chaining rule engine written in JavaScript. Affected versions of this package are vulnerable to Arbitrary Code Execution. The injection point is located in lines 152 and 153. The argument rules of function fromJSON can be controlled by users without any...
PT-2019-12786 · Apache · Solr
Name of the Vulnerable Software and Affected Versions: Solr versions 1.3.0 through 1.4.1; Solr versions 3.1.0 through 3.6.2; Solr versions 4.0.0 through 4.10.4; Solr versions prior to 5.0.0. Description: The issue allows for an XML resource consumption attack, also known as a Lol Bomb, via the update...