Lucene search

5 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-0650

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.7, EPSS 0.00131
Exploits: 0, References: 4
OSV
added 2025/05/30 9:15 a.m., 1 views

CVE-2025-48912

An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data. This issue affects...

CVSS 6.5, AI score 7.8
Exploits: 0, References: 2
RedhatCVE
added 2025/05/22 7:33 p.m., 2 views

CVE-2021-28125

Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click...

CVSS 6.1, AI score 6.7, EPSS 0.02577
Exploits: 0, References: 1
OSV
added 2025/02/05 7:26 a.m., 11 views

BIT-SUPERSET-2024-24772 Apache Superset: Improper Neutralisation of custom SQL on embedded context

A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, whi...

CVSS 4.3, AI score 4.7, EPSS 0.00575
Exploits: 0, References: 3
CNVD
added 2023/09/11 12:0 a.m., 7 views

Apache Superset Security Bypass Vulnerability (CNVD-2024-06820)

Apache Superset is an open source data visualization tool based on Python. Apache Superset suffers from a security bypass vulnerability that can be exploited by an attacker to test a database connection...

CVSS 5.4, AI score 6.7, EPSS 0.00022
Exploits: 0, References: 1