Skip to main content

Redash

5 CVEs product

Monthly

CVE-2026-33213 MEDIUM This Month

Open redirect in Redash versions 5.0.2 through 26.3.0 allows unauthenticated attackers to craft a login URL that silently forwards authenticated users to an attacker-controlled external site. The flaw in get_next_path() stripped scheme and netloc from the next parameter but failed to reject or normalize URLs with three or more leading slashes - a pattern browsers interpret as an absolute external reference (e.g., /login?next=////evil.com). No public exploit or CISA KEV listing has been identified at time of analysis, though the bypass technique is trivially reproducible from the advisory's own example.

Open Redirect Redash
NVD GitHub
CVSS 3.1
6.1
CVE-2021-43780 HIGH PATCH This Week

Redash is a package for data visualization and sharing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Redash
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-43777 MEDIUM PATCH This Month

Redash is a package for data visualization and sharing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Python Google Redash
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2021-41192 MEDIUM POC PATCH This Month

Redash is a package for data visualization and sharing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Redash
NVD GitHub
CVSS 3.1
6.5
EPSS
8.0%
CVE-2020-12725 HIGH POC PATCH This Week

Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Redash
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVSS 6.1
MEDIUM This Month

Open redirect in Redash versions 5.0.2 through 26.3.0 allows unauthenticated attackers to craft a login URL that silently forwards authenticated users to an attacker-controlled external site. The flaw in get_next_path() stripped scheme and netloc from the next parameter but failed to reject or normalize URLs with three or more leading slashes - a pattern browsers interpret as an absolute external reference (e.g., /login?next=////evil.com). No public exploit or CISA KEV listing has been identified at time of analysis, though the bypass technique is trivially reproducible from the advisory's own example.

Open Redirect Redash
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Redash is a package for data visualization and sharing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Redash
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Redash is a package for data visualization and sharing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Python Google +1
NVD GitHub
EPSS 8% CVSS 6.5
MEDIUM POC PATCH This Month

Redash is a package for data visualization and sharing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Redash
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Redash
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy