Skip to main content

Superset

58 CVEs product

Monthly

CVE-2026-23984 PyPI MEDIUM PATCH This Month

Authenticated users in Apache Superset versions before 6.0.0 can execute write operations against PostgreSQL databases configured as read-only by crafting specially formatted SQL statements that evade validation checks. This allows an attacker with SQLLab access to perform unauthorized data modifications despite read-only protections being in place. No patch is currently available for affected versions.

Apache PostgreSQL Superset
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23983 PyPI MEDIUM PATCH This Month

Authenticated users in Apache Superset versions before 6.0.0 can access sensitive user information including password hashes and email addresses through the Tag endpoint API, which improperly exposes user objects without proper field filtering. An attacker with low-privilege credentials (such as Gamma role) can exploit this to retrieve authentication data that should remain hidden. The vulnerability only affects instances with the TAGGING_SYSTEM enabled, which is disabled by default.

Apache Information Disclosure Superset
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23982 PyPI MEDIUM PATCH This Month

Apache Superset before version 6.0.0 contains an authorization bypass in dataset management that allows authenticated users with write access to datasets to circumvent data access controls and query unauthorized information. An attacker can exploit this by modifying the SQL query of existing datasets to access restricted data that their role should not permit. No patch is currently available, leaving affected deployments vulnerable until upgrading to version 6.0.0.

Apache Superset
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23980 PyPI MEDIUM PATCH This Month

Apache Superset before version 6.0.0 contains a SQL injection vulnerability in the sqlExpression and where parameters that allows authenticated users with read access to extract sensitive data through error-based techniques. An attacker with valid credentials could exploit this to bypass query restrictions and access unauthorized database information. A patch is available in version 6.0.0 and later.

Apache SQLi Superset
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23969 PyPI MEDIUM PATCH This Month

Insufficient SQL function restrictions in Apache Superset before 4.1.2 allow authenticated users to execute sensitive database functions on ClickHouse engines that should have been blocked. An attacker with database access could leverage the incomplete DISALLOWED_SQL_FUNCTIONS list to bypass security controls and potentially extract or manipulate data. No patch is currently available for affected versions of Apache Superset, PostgreSQL, and related deployments.

Apache PostgreSQL Superset
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-55675 PyPI MEDIUM PATCH This Month

Apache Superset contains an improper access control vulnerability in its /explore endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Apache Superset
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-55674 PyPI MEDIUM PATCH This Month

A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SQLi Superset
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-55673 PyPI MEDIUM PATCH This Month

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-55672 PyPI MEDIUM PATCH This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Superset
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-48912 PyPI HIGH PATCH This Month

An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SQLi Authentication Bypass Superset
NVD
CVSS 4.0
7.1
EPSS
0.5%
CVE-2025-27696 PyPI MEDIUM PATCH This Month

Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-55633 PyPI HIGH PATCH This Week

Improper Authorization vulnerability in Apache Superset. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache PostgreSQL Superset
NVD
CVSS 4.0
7.1
EPSS
2.6%
CVE-2024-53949 PyPI HIGH PATCH This Week

Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
CVSS 4.0
7.6
EPSS
0.7%
CVE-2024-53948 PyPI MEDIUM PATCH This Month

Generation of Error Message Containing analytics metadata Information in Apache Superset.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-53947 PyPI LOW PATCH Monitor

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache PostgreSQL Superset
NVD
CVSS 4.0
2.3
EPSS
0.8%
CVE-2024-39887 PyPI CRITICAL POC PATCH Act Now

An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Apache PostgreSQL Superset
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2024-34693 PyPI MEDIUM PATCH This Month

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2024-28148 PyPI MEDIUM PATCH This Month

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-26016 PyPI MEDIUM PATCH This Month

A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2024-24779 PyPI MEDIUM PATCH This Month

Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-24773 PyPI MEDIUM PATCH This Month

Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope.0.4, from 3.1.0 before 3.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-24772 PyPI MEDIUM PATCH This Month

A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.0.4, from 3.1.0 before 3.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Superset
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2024-27315 PyPI MEDIUM PATCH This Month

An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2024-23952 MEDIUM This Month

This is a duplicate for CVE-2023-46104. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Superset
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-49736 PyPI HIGH PATCH This Week

A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.1.2, from 3.0.0 before 3.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SQLi Superset
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-49734 PyPI MEDIUM PATCH This Month

An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-46104 PyPI MEDIUM PATCH This Month

Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Superset
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-42504 PyPI MEDIUM PATCH This Month

An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Superset
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-42505 PyPI MEDIUM PATCH This Month

An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2023-42502 PyPI MEDIUM PATCH This Month

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Open Redirect Superset
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-43701 PyPI MEDIUM PATCH This Month

Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Superset
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-42501 PyPI MEDIUM PATCH This Month

Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Superset
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-40610 PyPI HIGH POC PATCH This Week

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache Authentication Bypass Superset
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-39265 PyPI MEDIUM POC PATCH THREAT This Month

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Superset
NVD GitHub
CVSS 3.1
6.5
EPSS
83.7%
CVE-2023-37941 PyPI MEDIUM POC PATCH THREAT This Month

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Apache Python Deserialization Superset
NVD GitHub
CVSS 3.1
6.6
EPSS
29.2%
CVE-2023-32672 PyPI MEDIUM PATCH This Month

An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-39264 PyPI MEDIUM PATCH This Month

By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-36388 PyPI MEDIUM PATCH This Month

Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SSRF Superset
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-36387 PyPI MEDIUM PATCH This Month

An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Apache Authentication Bypass Superset
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-27526 PyPI MEDIUM PATCH This Month

A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-27523 PyPI MEDIUM PATCH This Month

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-30776 PyPI MEDIUM PATCH This Month

An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API.3.0 up to 2.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2023-27524 PyPI CRITICAL POC KEV PATCH THREAT Act Now

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Superset
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
97.4%
CVE-2023-27525 PyPI MEDIUM PATCH This Month

An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-25504 PyPI MEDIUM PATCH This Month

A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SSRF Superset
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-27479 PyPI CRITICAL PATCH Act Now

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Superset
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-42250 PyPI MEDIUM PATCH This Month

Improper output neutralization for Logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Code Injection Superset
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-41972 PyPI MEDIUM PATCH This Month

Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-41971 PyPI HIGH PATCH This Week

Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Superset
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-32609 PyPI MEDIUM PATCH This Month

Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Superset
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2021-28125 PyPI MEDIUM PATCH This Month

Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apache Superset
NVD
CVSS 3.1
6.1
EPSS
63.8%
CVE-2021-27907 PyPI MEDIUM PATCH This Month

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Superset
NVD
CVSS 3.1
5.4
EPSS
86.4%
CVE-2020-13952 PyPI HIGH PATCH This Week

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2020-13948 PyPI HIGH PATCH This Week

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Python Information Disclosure Superset
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-1932 PyPI MEDIUM PATCH This Month

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-12414 PyPI MEDIUM PATCH This Month

In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2019-12413 PyPI MEDIUM PATCH This Month

In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Superset
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2018-8021 PyPI CRITICAL POC PATCH THREAT Act Now

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Apache Superset
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
53.9%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Authenticated users in Apache Superset versions before 6.0.0 can execute write operations against PostgreSQL databases configured as read-only by crafting specially formatted SQL statements that evade validation checks. This allows an attacker with SQLLab access to perform unauthorized data modifications despite read-only protections being in place. No patch is currently available for affected versions.

Apache PostgreSQL Superset
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Authenticated users in Apache Superset versions before 6.0.0 can access sensitive user information including password hashes and email addresses through the Tag endpoint API, which improperly exposes user objects without proper field filtering. An attacker with low-privilege credentials (such as Gamma role) can exploit this to retrieve authentication data that should remain hidden. The vulnerability only affects instances with the TAGGING_SYSTEM enabled, which is disabled by default.

Apache Information Disclosure Superset
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Apache Superset before version 6.0.0 contains an authorization bypass in dataset management that allows authenticated users with write access to datasets to circumvent data access controls and query unauthorized information. An attacker can exploit this by modifying the SQL query of existing datasets to access restricted data that their role should not permit. No patch is currently available, leaving affected deployments vulnerable until upgrading to version 6.0.0.

Apache Superset
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Apache Superset before version 6.0.0 contains a SQL injection vulnerability in the sqlExpression and where parameters that allows authenticated users with read access to extract sensitive data through error-based techniques. An attacker with valid credentials could exploit this to bypass query restrictions and access unauthorized database information. A patch is available in version 6.0.0 and later.

Apache SQLi Superset
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Insufficient SQL function restrictions in Apache Superset before 4.1.2 allow authenticated users to execute sensitive database functions on ClickHouse engines that should have been blocked. An attacker with database access could leverage the incomplete DISALLOWED_SQL_FUNCTIONS list to bypass security controls and potentially extract or manipulate data. No patch is currently available for affected versions of Apache Superset, PostgreSQL, and related deployments.

Apache PostgreSQL Superset
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Apache Superset contains an improper access control vulnerability in its /explore endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Apache +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SQLi Superset
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Superset
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Month

An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SQLi Authentication Bypass +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
EPSS 3% CVSS 7.1
HIGH PATCH This Week

Improper Authorization vulnerability in Apache Superset. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache PostgreSQL +1
NVD
EPSS 1% CVSS 7.6
HIGH PATCH This Week

Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Generation of Error Message Containing analytics metadata Information in Apache Superset.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
EPSS 1% CVSS 2.3
LOW PATCH Monitor

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache PostgreSQL +1
NVD
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Apache PostgreSQL +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache Information Disclosure Superset
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope.0.4, from 3.1.0 before 3.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.0.4, from 3.1.0 before 3.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Superset
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

This is a duplicate for CVE-2023-46104. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Superset
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.1.2, from 3.0.0 before 3.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SQLi Superset
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Superset
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Superset
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Open Redirect Superset
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Superset
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Superset
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache Authentication Bypass +1
NVD GitHub
EPSS 84% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Superset
NVD GitHub
EPSS 29% CVSS 6.6
MEDIUM POC PATCH THREAT This Month

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Apache Python +2
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SSRF Superset
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Apache Authentication Bypass Superset
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API.3.0 up to 2.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
EPSS 97% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Superset
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SSRF Superset
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Superset
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Improper output neutralization for Logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Code Injection Superset
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Superset
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Superset
NVD
EPSS 64% CVSS 6.1
MEDIUM PATCH This Month

Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Apache Superset
NVD
EPSS 86% CVSS 5.4
MEDIUM PATCH This Month

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Superset
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Python Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Superset
NVD
EPSS 54% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Apache +1
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy