39 matches found
CVE-2024-53947
CVE-2024-53947 : Apache Superset is affected by an SQL Injection vulnerability due to improper neutralization of certain engine-specific functions, allowing bypass of SQL authorization. The issue affects versions
CVE-2018-8021
CVE-2018-8021 concerns Apache Superset pre-0.23, where an unsafe pickle deserialization path can lead to remote code execution. The root cause is the use of an unsafe load method from pickle to deserialize data, enabling an attacker with network access to potentially execute arbitrary code. Multi...
CVE-2024-24772
CVE-2024-24772 affects Apache Superset prior to 3.0.4 and 3.1.0–3.1.0.1, where a guest user could exploit the Chart Data REST API to send arbitrary SQL statements; on error, information could be leaked from the analytics database. Root cause: improper handling/neutralization of SQL in the chart d...
CVE-2024-26016
CVE-2024-26016 affects Apache Superset. A low-privilege authenticated user can import a dashboard or chart they shouldn’t access and modify its metadata, effectively gaining ownership of the object. The vulnerability hinges on improper authorization validation during the import process; access to...
CVE-2022-27479
Apache Superset is affected by CVE-2022-27479: before version 1.4.2, the chart data API is vulnerable to SQL injection. The issue is caused by unsafely constructed chart data requests, enabling potential leakage or manipulation of data. The impact is described in public advisories as high/critica...
CVE-2024-28148
Summary: Multiple sources describe an authorization issue in Apache Superset prior to 3.1.2. Affected product/component: Apache Superset, specifically the REST API used to explore datasources. Root cause (as stated): Incorrect datasource authorization on the explore REST API allowing an authentic...
CVE-2024-24773
The CVE-2024-24773 entry concerns Apache Superset. Affected versions are before 3.0.4 and 3.1.0 before 3.1.1, where improper parsing of nested SQL statements in SQLLab could allow authenticated users to bypass data authorization. The issue’s impact is elevated access to data within the authorizat...
CVE-2024-27315
Summary: CVE-2024-27315 affects Apache Superset and is caused by improper error handling when an authenticated user with privileges to create Alerts triggers a database error via a crafted SQL statement, potentially exposing data in error logs. Affected versions: before 3.0.4 and 3.1.0 before 3.1...
CVE-2024-53948
The CVE-2024-53948 entry concerns Apache Superset prior to 4.1.0, where error message generation can expose analytics metadata. This constitutes an information disclosure vector as described in multiple sources, with a fixed version 4.1.0 recommended by the advisories. Practical impact is informa...
CVE-2025-48912
CVE-2025-48912 affects Apache Superset prior to 4.1.2. An authenticated attacker can bypass row-level security by injecting SQL into the sqlExpression fields, enabling sub-queries that bypass defenses and grant unauthorized data access. The issue is triggered by specially crafted requests and is ...
CVE-2019-12413
CVE-2019-12413 affects Apache Superset prior to 0.31. A crafted complex query allows a user to query database metadata they have no access to, revealing information via an information-disclosure vulnerability. The available sources consistently describe this as a metadata/information-disclosure i...
CVE-2020-13952
Apache Superset CVE-2020-13952 affects all versions
CVE-2019-12414
CVE-2019-12414 affects Apache Incubator Superset prior to 0.32. The issue allows a user to view database names to which they have no access, exposed in a SQLLab dropdown. The connected sources confirm the affected product/version and the information-disclosure impact, but do not provide root-caus...
CVE-2023-49657
Apache Superset prior to 3.0.3 is affected by a stored XSS vulnerability: an authenticated user with create/update permissions on charts or dashboards can store a script or HTML snippet that executes in the context of a page. Impact details in the connected sources align on stored XSS with potent...
CVE-2024-39887
CVE-2024-39887 describes an SQL Injection in Apache Superset due to improper neutralization of engine-specific SQL functions. The vulnerability affects “Apache Superset” and allows bypassing SQL authorization via certain PostgreSQL functions, mitigated by a config key DISALLOWED_SQL_FUNCTIONS. Th...
CVE-2024-55633
CVE-2024-55633 is an Improper Authorization vulnerability in Apache Superset. An attacker with SQLLab access to a PostgreSQL analytic database can craft a SQL DML statement that is incorrectly identified as a read-only query, allowing its execution. The issue does not affect non-PostgreSQL analyt...
CVE-2021-42250
CVE-2021-42250 affects Apache Superset. The issue is improper output neutralization in a specific HTTP endpoint, allowing an authenticated user to forge log entries or inject malicious content into logs. Connected sources (NVD, OSV, GHSA, CNVD, OSV mirrors) confirm the vulnerability in Apache Sup...
CVE-2024-34693
CVE-2024-34693 is an Apache Superset vulnerability described across multiple sources as an Improper Input Validation issue. An authenticated attacker can create a MariaDB connection with local_infile enabled, and if both the MariaDB server and the local MySQL client on the web server permit local...
CVE-2020-13948
CVE-2020-13948 is tied to Apache Superset versions earlier than 0.37.1. An authenticated user could craft requests via templated text fields to gain arbitrary access to Python’s os package within the web application process. Impact details in the connected records show the user could enumerate an...
CVE-2025-27696
The CVE-2025-27696 entry concerns Apache Superset up to version 4.1.1, where an Incorrect Authorization vulnerability lets authenticated users with read permissions take ownership of dashboards, charts, or datasets. A fix is available in 4.1.2 and later. The public details consistently describe t...
CVE-2023-42504
CVE-2023-42504 describes a denial-of-service vulnerability in Apache Superset prior to 3.0.0 where an authenticated attacker can initiate multiple concurrent dashboard exports, potentially exhausting resources. Multiple connected sources (OSV, Red Hat, CNVD, GHSA advisories, etc.) corroborate a r...
CVE-2023-40610
CVE-2023-40610 affects Apache Superset prior to version 2.1.2. The issue is an improper authorization check that enables privilege escalation when using the default examples database connection, which can grant access to both the examples schema and Superset metadata DB. A specially crafted CTE S...
CVE-2023-49734
Apache Superset is affected by an privilege-escalation vulnerability (CVE-2023-49734) where an authenticated Gamma user can create a dashboard, add charts, and automatically become an owner of those charts, gaining write permissions. Affected versions include the prior 2.1.x line (before 2.1.2) a...
CVE-2023-42505
CVE-2023-42505 affects Apache Superset prior to 3.0.0. An authenticated user with read permissions on database connections metadata could access sensitive information such as the connection username. The connected documents confirm the affected product and impact but do not provide exploit detail...
CVE-2023-43701
CVE-2023-43701 affects Apache Superset up to version 2.1.1, where improper payload validation and a flawed REST API response type allow an authenticated attacker to store malicious code in chart metadata. The code could execute when a user accesses a specific deprecated API endpoint. Affected ver...
CVE-2023-49736
CVE-2023-49736 describes a SQL injection vulnerability in Apache Superset caused by a vulnerable where_in JINJA macro. The issue allows an attacker to inject SQL via a quote parameter in the macro, with impact on confidentiality, integrity, and availability as described in the sources. Affected v...
CVE-2025-55675
CVE-2025-55675 — Apache Superset : There is an improper access-control on the /explore endpoint. An authenticated user can enumerate metadata for datasources they lack permission to access by iterating datasource_id in the URL, leading to potential disclosure of protected datasource names. Affect...
CVE-2023-46104
CVE-2023-46104 affects Apache Superset up to v2.1.2 and v3.0.0–v3.0.1. Uncontrolled resource consumption can be triggered by an authenticated attacker who uploads a malicious ZIP to import databases, dashboards, or datasets. The CVSS base shows a Medium severity (6.5) with Network access, low att...
CVE-2023-42502
Affected software: Apache Superset. Vulnerability: open redirect via spoofing the HTTP Host header. Root cause: authenticated attackers with update datasets permission can modify a dataset link to point to an untrusted site, causing users to be redirected when clicking that dataset. Impact: poten...
CVE-2024-23952
CVE-2024-23952 is a duplicate of CVE-2023-46104 describing an attack that triggers uncontrolled resource consumption in Apache Superset by an authenticated user uploading a malicious ZIP to import databases, dashboards or datasets. Affected versions include Superset up to 2.1.2 and 3.0.0–3.0.1. T...
CVE-2026-23982
CVE-2026-23982 describes an Improper Authorization in Apache Superset where a low-privilege user can bypass data access controls during dataset creation by overwriting the SQL query of an existing dataset. Affected: Apache Superset
CVE-2023-42501
Apache Superset prior to 2.1.2 is affected by CVE-2023-42501, where the Gamma role grants unnecessary read permissions, allowing authenticated users to read configured CSS templates and annotations. The vulnerability is described as an information disclosure risk with a CVSS v3.1 base score of 4....
CVE-2025-55672
Summary: Apache Superset has a stored XSS in the chart visualization. An authenticated user with chart-edit permissions can inject a payload into a column label, which is executed in victims’ browsers on hover. This affects versions before 5.0.0 and can lead to session hijacking or arbitrary comm...
CVE-2025-55674
CVE-2025-55674 affects Apache Superset up to version 5.0.0. The issue is a bypass of the DISALLOWED_SQL_FUNCTIONS denylist, allowing a user with SQL Lab access to execute blocked SQL functions and disclose sensitive information (e.g., software version). The publicly stated remediation is to upgra...
CVE-2026-23980
Apache Superset CVE-2026-23980 describes an SQL injection issue (improper neutralization of special elements) that can be exploited by an authenticated user with read access via sqlExpression or where parameters. Affected software: Superset versions before 6.0.0. Impact as per CVSS: MEDIUM (5.3),...
CVE-2025-55673
Apache Superset contains an information disclosure in the /chart/data response: when a guest user accesses a chart, the payload includes the underlying query, exposing database schema details (e.g., table names). This affects versions before 4.1.3. The issue is mitigated by upgrading to version 4...
CVE-2026-23984
CVE-2026-23984 affects Apache Superset prior to 6.0.0. An authenticated user with SQLLab access can bypass the read-only verification for PostgreSQL connections, enabling crafted statements to evade the existing DML blocks. This could allow execution of data manipulation operations that should be...
CVE-2026-23983
Apache Superset (CVE-2026-23983) has an information disclosure vulnerability via the Tag endpoint (disabled by default). When the tagged objects include Users, the API may serialize and return sensitive fields such as password hashes (pbkdf2), email addresses, and login statistics to authenticate...
CVE-2026-23969
Apache Superset prior to 4.1.2 is affected by CVE-2026-23969 due to an incomplete default DISALLOWED_SQL_FUNCTIONS list for the ClickHouse engine, which can lead to exposure of sensitive information in SQL Lab and charts. The vulnerability’s impact is described with a CVSS 4.0 base score of 5.3 (...