16 matches found

vulnersOsv
added 2026/02/24 3:30 p.m. (7 views)

quantguard (>=0.1.37 <=0.1.38), superset-sqlalchemy-gizmosql-adbc-dialect (>=0.0.3 <=0.0.9) potentially affected by CVE-2026-23983 via apache-superset (>=4.1.4 <=5.0.0)

apache-superset PYPI version =4.1.4, =0.1.37, =0.0.3, =0.0.9 Source cves: CVE-2026-23983 Source advisory: OSV:GHSA-H294-8FXM-M2PJ...

CVSS 6.5 | AI score 5.8 | EPSS 0.004
Exploits: 0

RedhatCVE
added 2026/01/09 9:6 a.m. (12 views)

CVE-2024-34693

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the...

CVSS 6.8 | AI score 7.2 | EPSS 0.01571
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:58 a.m. (10 views)

CVE-2023-49734

An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2...

CVSS 7.7 | AI score 6.6 | EPSS 0.00942
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. (5 views)

EUVD-2021-0019

Malware in sbrugna...

CVSS 5.4 | AI score 5.3 | EPSS 0.86393
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m. (9 views)

EUVD-2023-2052

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00949
Exploits: 0 | References: 4

OSV
added 2025/08/14 3:30 p.m. (4 views)

GHSA-FXGF-3XH6-M2PP Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions

A bypass of the `DISALLOWED_SQL_FUNCTIONS` security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...

CVSS 5.3 | AI score 7.7 | EPSS 0.00628
Exploits: 0 | References: 4

NVD
added 2025/08/14 2:15 p.m. (25 views)

CVE-2025-55673

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...

CVSS 5.3 | EPSS 0.00519
Exploits: 0 | References: 2

OSV
added 2025/05/13 9:31 a.m. (8 views)

GHSA-W6C7-J32F-RQ8J Apache Superset Allows Ownership Takeover

Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue...

CVSS 8.8 | AI score 6.5 | EPSS 0.00972
Exploits: 0 | References: 5

OSV
added 2025/02/05 7:29 a.m. (9 views)

BIT-SUPERSET-2021-28125 Apache Superset Open Redirect

Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click...

CVSS 6.1 | AI score 6.1 | EPSS 0.63768
Exploits: 0 | References: 3

OSV
added 2025/02/05 7:28 a.m. (8 views)

BIT-SUPERSET-2022-43721 Apache Superset: Open Redirect Vulnerability

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

CVSS 5.4 | AI score 5.2 | EPSS 0.00994
Exploits: 0 | References: 2

OSV
added 2025/02/05 7:27 a.m. (14 views)

BIT-SUPERSET-2023-39265 Apache Superset: Possible Unauthorized Registration of SQLite Database Connections

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is usin...

CVSS 6.5 | AI score 5.6 | EPSS 0.83716
Exploits: 2 | References: 3

OSV
added 2025/02/05 7:26 a.m. (11 views)

BIT-SUPERSET-2023-46104 Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb

Uncontrolled resource consumption can be triggered by an authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1...

CVSS 6.5 | AI score 6.1 | EPSS 0.01653
Exploits: 0 | References: 5

OSV
added 2025/02/05 7:26 a.m. (5 views)

BIT-SUPERSET-2023-49734 Apache Superset: Privilege Escalation Vulnerability

An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write permissions to these charts. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2...

CVSS 7.7 | AI score 6.8 | EPSS 0.00942
Exploits: 0 | References: 3

OSV
added 2025/02/05 7:25 a.m. (7 views)

BIT-SUPERSET-2024-27315 Apache Superset: Improper error handling on alerts

An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert...

CVSS 4.3 | AI score 4.8 | EPSS 0.00969
Exploits: 0 | References: 3

CNVD
added 2024/03/06 12:0 a.m. (6 views)

Apache Superset SQL Injection Vulnerability (CNVD-2024-26537)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database by sending carefully crafted S...

CVSS 6.5 | AI score 7.3 | EPSS 0.00773
Exploits: 0 | References: 1

Vulnrichment
added 2023/01/16 10:10 a.m. (9 views)

CVE-2022-43721 Apache Superset: Open Redirect Vulnerability

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

AI score 6.4 | EPSS 0.00994
Exploits: 0 | References: 1