Apache Superset Vulnerabilities
| CVE | Vendor | Product | Score | Severity | Title |
|---|---|---|---|---|---|
| CVE-2025-55675 | Apache | Apache Superset | 5.3 | MEDIUM | Improper Access Control in Apache Superset Allows Unauthorized Metadata Exposure |
| CVE-2025-55674 | Apache | Apache Superset | 5.3 | MEDIUM | Bypass of Security Feature in Apache Superset by Apache |
| CVE-2025-55672 | Apache | Apache Superset | 5.3 | MEDIUM | Stored Cross-Site Scripting Vulnerability in Apache Superset by Apache |
| CVE-2025-55673 | Apache | Apache Superset | 5.3 | MEDIUM | Improper Disclosure of Database Schema in Apache Superset by Apache |
| CVE-2025-48912 | Apache | Apache Superset | 7.1 | HIGH | SQL Injection Vulnerability in Apache Superset by Apache |
| CVE-2025-27696 | Apache | Apache Superset | 5.3 | MEDIUM | Improper Authorization in Apache Superset Affects Dashboard Ownership |
| CVE-2024-55633 | Apache | Apache Superset | 7.1 | HIGH | Incorrectly Identified SQL DML Statement Vulnerability Affects Apache Superset Before 4.1.0 |
| CVE-2024-34693 | Apache | Apache Superset | 6.8 | MEDIUM | Improper Input Validation Vulnerability in Apache Superset Allows for File Reading and Insertion |
| CVE-2024-28148 | Apache | Apache Superset | 4.3 | MEDIUM | Authenticated User Can Access Metadata for Unauthorized Datasource via Targeted REST API Request |
| CVE-2024-26016 | Apache | Apache Superset | 4.3 | MEDIUM | Low Privilege User Can Modify Ownership of Charts and Dashboards, But Data Access Privileges Still Apply |
| CVE-2024-24779 | Apache | Apache Superset | 6.5 | MEDIUM | Virtual Datasets Lead to Unauthorized Data Access in Apache Superset |
| CVE-2024-24772 | Apache | Apache Superset | 4.3 | MEDIUM | Arbitrary SQL Statements Could Leak Information from Underlying Analytics Database |
| CVE-2024-24773 | Apache | Apache Superset | 6.5 | MEDIUM | Authenticated Users Can Surpass Data Authorization Scope via Improper Nested SQL Parsing |
| CVE-2024-27315 | Apache | Apache Superset | 4.3 | MEDIUM | Error in Alerts & Reports May Expose Sensitive Data |
| CVE-2024-23952 | Apache | Apache Superset | 6.5 | MEDIUM | Malicious ZIP Upload Vulnerability Affects Apache Superset |
| CVE-2023-49657 | Apache | Apache Superset | 9.6 | CRITICAL | Apache Superset: Stored XSS in Dashboard Title and Chart Title |
| CVE-2023-46104 | Apache | Apache Superset | 6.5 | MEDIUM | Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb |
| CVE-2023-49734 | Apache | Apache Superset | 6.5 | MEDIUM | Apache Superset: Privilege Escalation Vulnerability |
| CVE-2023-49736 | Apache | Apache Superset | 8.8 | HIGH | Apache Superset: SQL Injection on where_in JINJA macro |
| CVE-2023-42504 | Apache | Apache Superset | 6.5 | MEDIUM | Apache Superset: Lack of rate limiting allows for possible denial of service |
| CVE-2023-42502 | Apache | Apache Superset | 5.4 | MEDIUM | Apache Superset: Open Redirect Vulnerability |
| CVE-2023-42505 | Apache | Apache Superset | 4.3 | MEDIUM | Apache Superset: Sensitive information disclosure on db connection details |
| CVE-2023-40610 | Apache | Apache Superset | 6.3 | MEDIUM | Apache Superset: Privilege escalation with default examples database |
| CVE-2023-42501 | Apache | Apache Superset | 4.3 | MEDIUM | Apache Superset: Unnecessary read permissions within the Gamma role |
| CVE-2023-43701 | Apache | Apache Superset | 5.4 | MEDIUM | Apache Superset: Stored XSS on API endpoint |