1074 matches found
Apache Superset - Authentication Bypass
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...
Apache Superset < 4.0.2 - SQL Injection
An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new...
Apache Superset <=1.3.2 - Default Login
Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-44451 info:...
SUSE CVE-2026-34043
Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object, an object that inherits from Array.prototype but ha...
CVE-2026-41205 vulnerabilities
Vulnerabilities for packages: pgadmin4-fips, dagster-fips, jupyter-base-notebook, open-webui, dagster, mlflow, airflow-core, nemo, prefect-fips, airflow, superset...
CVE-2026-41205 vulnerabilities
Vulnerabilities for packages: airflow, mlflow, jupyter-base-notebook, superset, open-webui...
CVE-2026-42308 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, superset...
GHSA-WJX4-4JCJ-G98J vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, superset...
GHSA-R73J-PQJ5-W3X7 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, superset...
CVE-2026-42310 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, superset...
Exploit for SQL Injection in Apache Superset
CVE-2026-23980 - Apache Superset Authenticated SQL Injection...
CVE-2025-55674 vulnerabilities
Vulnerabilities for packages: superset...
CVE-2025-55675 vulnerabilities
Vulnerabilities for packages: superset...
GHSA-MHPQ-M962-MG92 vulnerabilities
Vulnerabilities for packages: superset...
GHSA-FJ97-2V9X-W5M4 vulnerabilities
Vulnerabilities for packages: superset...
CVE-2025-55672 vulnerabilities
Vulnerabilities for packages: superset...
GHSA-FXGF-3XH6-M2PP vulnerabilities
Vulnerabilities for packages: superset...
CVE-2026-30922 vulnerabilities
Vulnerabilities for packages: datadog-agent, spamcheck, kubeflow-jupyter-web-app, metaflow-service-fips, awx, apache-beam-python-3.12-sdk, kubeflow-volumes-web-app, datadog-agent-fips, request-1276, label-studio, airflow, apache-beam-python-3.13-sdk, k8s-sidecar, ansible-operator-fips,...
GHSA-JR27-M4P2-RC6R vulnerabilities
Vulnerabilities for packages: datadog-agent, spamcheck, kubeflow-jupyter-web-app, metaflow-service-fips, awx, apache-beam-python-3.12-sdk, kubeflow-volumes-web-app, datadog-agent-fips, request-1276, label-studio, airflow, apache-beam-python-3.13-sdk, k8s-sidecar, ansible-operator-fips,...