Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ApacheSuperset

59 matches found

CVE
CVEadded 2023/12/19 10:15 a.m.39 views

CVE-2023-49736

A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the is...

8.8CVSS7.6AI score0.00611EPSS
CVE
CVEadded 2024/02/14 12:15 p.m.39 views

CVE-2024-23952

This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset ve...

6.5CVSS6.1AI score0.01302EPSS
CVE
CVEadded 2023/09/06 1:15 p.m.38 views

CVE-2023-27526

A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0.

4.3CVSS4.4AI score0.0015EPSS
CVE
CVEadded 2023/09/06 2:15 p.m.38 views

CVE-2023-32672

An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.

4.3CVSS4.5AI score0.00206EPSS
CVE
CVEadded 2025/05/13 9:15 a.m.38 views

CVE-2025-27696

Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue.

8.8CVSS6.3AI score0.00017EPSS
CVE
CVEadded 2023/09/06 1:15 p.m.36 views

CVE-2023-27523

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.

5CVSS4.6AI score0.00086EPSS
CVE
CVEadded 2023/12/19 10:15 a.m.35 views

CVE-2023-46104

Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.

6.5CVSS6.1AI score0.00483EPSS
CVE
CVEadded 2023/11/28 5:15 p.m.34 views

CVE-2023-42502

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.

5.4CVSS4.9AI score0.00091EPSS
CVE
CVEadded 2023/11/27 11:15 a.m.31 views

CVE-2023-42501

Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.This issue affects Apache Superset: before 2.1.2.Users should upgrade to version or above 2.1.2 and run superset init to reconstruct the Gamma role or remove can_read ...

4.3CVSS4.4AI score0.00099EPSS
Total number of security vulnerabilities59