Advisories affecting apache-superset, as listed on this page. Ranges use the page's own notation: "from 0" means every release up to the stated upper bound, "< X" / "<= X" is the upper bound, and ">= a, < b" is a bounded range. A CVE ID and KEV flag are shown only where the page gives them; "—" means the page lists no score. Entries the page repeated verbatim are listed once.

| Severity | CVSS | CVE | Title | Affected versions |
|---|---|---|---|---|
| HIGH | 8.9 | CVE-2023-27524 (KEV) | Apache Superset missing check for default SECRET_KEY | from 0, < 2.1.0 |
| CRITICAL | 9.8 | CVE-2024-53947 | Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions | from 0, < 4.1.0 |
| CRITICAL | 9.8 | — | SQL injection in apache-superset | from 0, < 1.4.2 |
| CRITICAL | 9.6 | — | Cross-site Scripting in Apache Superset | from 0, < 3.0.3 |
| HIGH | 8.8 | — | Apache Superset Allows Ownership Takeover | from 0, < 4.1.2 |
| HIGH | 8.8 | — | Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints | from 0, <= 1.5.2 |
| HIGH | 8.8 | — | Apache Superset OS Command Injection | from 0, < 0.37.1 |
| HIGH | 8.8 | — | Apache Superset SQL Injection when template processing is enabled | from 0, < 1.3.1 |
| HIGH | 8.1 | — | Plaintext password leak in Apache Superset | from 0, < 0.37.2 |
| HIGH | 7.7 | — | Apache Superset incorrect write permissions vulnerability | from 0, < 2.1.3 |
| HIGH | 7.3 | — | Apache Superset - Elevation of Privilege | from 0, < 2.1.2 |
| MEDIUM | 6.8 | — | Apache Superset server arbitrary file read | from 0, < 3.1.3 |
| MEDIUM | 6.6 | — | Apache Superset Deserialization of Untrusted Data vulnerability | >= 1.5.0, < 2.1.1 |
| MEDIUM | 6.5 | — | Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access | from 0, < 4.1.0 |
| MEDIUM | 6.5 | — | Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled | >= 2.0.0, < 4.1.0 |
| MEDIUM | 6.5 | — | Apache Superset SQL injection vulnerability | from 0, < 2.1.3 |
| MEDIUM | 6.5 | — | Apache Superset uncontrolled resource consumption | from 0, < 2.1.2 |
| MEDIUM | 6.5 | — | Apache Superset Allocation of Resources Without Limits or Throttling vulnerability | from 0, < 3.0.0 |
| MEDIUM | 6.5 | — | Apache Superset Improper Input Validation vulnerability | from 0, <= 2.1.0 |
| MEDIUM | 6.5 | — | Apache Superset vulnerable to Exposure of Sensitive Information | >= 1.3.0, < 2.1.0 |
| MEDIUM | 6.5 | — | Apache Superset Server-Side Request Forgery vulnerability | from 0, < 2.1.0 |
| MEDIUM | 6.5 | — | Improper Encoding or Escaping of Output in Apache Superset | from 0, < 1.3.2 |
| MEDIUM | 6.5 | — | Apache Superset allowed for database connections password leak for authenticated users | from 0, < 1.3.2 |
| MEDIUM | 6.5 | — | Insufficiently Protected Credentials in Apache Superset | from 0, < 1.4.0 |
| MEDIUM | 6.5 | — | Information disclosure in Apache Superset | from 0, < 0.35.2 |
| MEDIUM | 6.5 | — | Information disclosure in Apache Superset | >= 0.34.0, < 0.35.2 |
| MEDIUM | 6.1 | — | Open Redirect in Apache Superset | from 0, < 1.1.0 |
| MEDIUM | 5.4 | — | Apache Superset Open Redirect vulnerability | from 0, < 3.0.0 |
| MEDIUM | 5.4 | — | Apache Superset has improper default REST API permission for Gamma users | from 0, <= 2.1.0 |
| MEDIUM | 5.4 | — | Apache Superset vulnerable to Cross-site Scripting | from 0, <= 1.5.2 |
| MEDIUM | 5.4 | — | Apache Superset's SQL Alchemy connector vulnerable to SQL Injection | from 0, <= 1.5.2 |
| MEDIUM | 5.4 | — | Apache Superset is vulnerable to Cross-Site Scripting (XSS) | from 0, <= 1.5.2 |
| MEDIUM | 5.4 | — | Apache Superset vulnerable to Injection | from 0, <= 1.5.2 |
| MEDIUM | 5.4 | — | Apache Superset Open Redirect vulnerability | from 0, <= 1.5.2 |
| MEDIUM | 5.4 | — | Apache Superset Stored XSS on Dashboard markdown | from 0, < 0.38.1 |
| MEDIUM | 5.4 | — | Apache Superset Cross-site Scripting (XSS) vulnerability on the Explore page | from 0, < 1.2.0 |
| MEDIUM | 5.3 | — | Apache Superset: Error verbosity exposes metadata in analytics databases | from 0, < 4.1.0 |
| MEDIUM | 5.3 | — | Apache Superset has Improper Access Control | from 0, <= 1.5.2 |
| MEDIUM | 5.3 | — | Users able to query database metadata in Apache Superset | from 0, < 0.31.0 |
| MEDIUM | 5.3 | — | Users can view database names in Apache Superset | from 0, < 0.32.0 |
| MEDIUM | 5.0 | — | Apache Superset: Improper data authorization when creating a new dataset | from 0, < 3.0.4 |
| MEDIUM | 5.0 | — | Apache Superset vulnerable to improper data authorization | from 0, <= 2.1.0 |
| MEDIUM | 4.9 | — | Apache Superset: Improper validation of SQL statements allows for unauthorized access to data | from 0, < 3.0.4 |
| MEDIUM | 4.3 | — | Apache Superset vulnerable to improper SQL authorization | from 0, < 4.0.2 |
| MEDIUM | 4.3 | — | Apache Superset Incorrect Authorization vulnerability | from 0, < 3.1.2 |
| MEDIUM | 4.3 | — | Apache Superset: Improper authorization validation on dashboards and charts import | from 0, < 3.0.4 |
| MEDIUM | 4.3 | — | Apache Superset: Improper Neutralization of custom SQL on embedded context | from 0, < 3.0.4 |
| MEDIUM | 4.3 | — | Apache Superset: Improper error handling on alerts | from 0, < 3.0.4 |
| MEDIUM | 4.3 | — | Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability | from 0, < 3.0.0 |
| MEDIUM | 4.3 | — | Apache Superset has Incorrect Default Permissions | from 0, < 2.1.2 |
| MEDIUM | 4.3 | — | Apache Superset Cross-site Scripting vulnerability | from 0, < 2.1.2 |
| MEDIUM | 4.3 | — | Apache Superset has incorrect authorization check | from 0, <= 2.1.0 |
| MEDIUM | 4.3 | — | Apache Superset Server Side Request Forgery vulnerability | from 0, <= 2.1.0 |
| MEDIUM | 4.3 | — | Apache Superset may expose internal traces on REST API endpoints | from 0, <= 2.1.0 |
| MEDIUM | 4.3 | — | Apache Superset users may incorrectly create resources using the import charts feature | from 0, <= 2.1.0 |
| MEDIUM | 4.3 | — | Apache Superset vulnerable to Improper Authorization | from 0, <= 2.0.1 |
| MEDIUM | 4.3 | — | Apache Superset allows authenticated users to access metadata they have no permission to | from 0, < 1.5.1 |
| — | — | — | Apache Superset Improper Authorization allows low-privileged users to bypass access controls | from 0, < 6.0.0 |
| — | — | — | Apache Superset allows authenticated users to view sensitive data without explicit permissions | from 0, < 6.0.0 |
| — | — | — | Apache Superset allows privileged users to conduct error-based SQL Injection | from 0, < 6.0.0 |
| — | — | — | Apache Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL Connections | from 0, < 6.0.0 |
| — | — | — | Apache Superset: Incomplete DISALLOWED_SQL_FUNCTIONS default list for ClickHouse engine | from 0, < 4.1.2 |
| — | — | — | Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions | from 0, < 5.0.0 |
| — | — | — | Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access | from 0, < 5.0.0 |
| — | — | — | Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability | from 0, < 5.0.0 |
| — | — | — | Apache Superset data query improperly discloses database schema information to low-privileged guest user | from 0, < 4.1.3.post1 |
| — | — | — | Apache Superset: Improper authorization bypass on row level security via SQL Injection | from 0, < 4.1.2 |
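The following is an added audit script, not code from this page or from the Apache Superset project. It does two things a practitioner wants from a list like the one above: it evaluates the page's affected-range notation ("from 0, < 2.1.0", ">= 1.5.0, < 2.1.1", "<= 1.5.2", and the PEP 440 post-release "< 4.1.3.post1") against an installed version string, and it checks a `superset_config.py` for the default `SECRET_KEY` that the KEV-listed CVE-2023-27524 row refers to (versions before 2.1.0 never reject that default themselves). The advisory subset, the sample config fragments and all helper names (`parse_version`, `parse_range`, `affected`, `secret_key_is_default`) are this example's own; the default key value is the literal shipped in Superset's `config.py` before the check was added.

```python
"""Audit a Superset install against this page's advisory table (added example)."""
import ast
import re

# Constructed subset of rows from the table above: (short title, affected range).
ADVISORIES = [
    ("CVE-2023-27524 missing check for default SECRET_KEY", "from 0, < 2.1.0"),
    ("CVE-2024-53947 improper SQL authorisation (postgres functions)", "from 0, < 4.1.0"),
    ("Ownership takeover", "from 0, < 4.1.2"),
    ("CSRF via legacy REST API endpoints", "from 0, <= 1.5.2"),
    ("Deserialization of untrusted data", ">= 1.5.0, < 2.1.1"),
    ("Schema disclosure to guest user", "from 0, < 4.1.3.post1"),
    ("Improper authorization, low-privileged bypass", "from 0, < 6.0.0"),
]

# The SECRET_KEY literal shipped in superset/config.py before 2.1.0 added a check.
# The source writes it as "\2\1thisismyscretkey\1\2\e\y\y\h"; in Python that evaluates
# to chr(2), chr(1), ..., with the invalid escapes \e \y \h kept as backslash+letter.
DEFAULT_SECRET_KEY = "\x02\x01thisismyscretkey\x01\x02\\e\\y\\y\\h"

_VERSION = re.compile(r"(\d+(?:\.\d+)*)(?:\.post(\d+))?")
_BOUND = re.compile(r"(from|>=|>|<=|<)\s*([\w.]+)")
_SECRET_KEY_LINE = re.compile(r'''^\s*SECRET_KEY\s*=\s*("[^"]*"|'[^']*')''', re.M)


def parse_version(text):
    """'4.1.3.post1' -> (4, 1, 3, 1); '4.1.3' -> (4, 1, 3, 0); '0.31' -> (0, 31, 0, 0).

    Release segments are padded to three, then the post-release number, so that
    4.1.3 < 4.1.3.post1 < 4.1.4 as PEP 440 orders them. Pre-releases are not
    handled; the page lists none.
    """
    m = _VERSION.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts) + (int(m.group(2) or 0),)


def parse_range(text):
    """Turn one affected-range cell into a predicate over version tuples.

    'from X' and '>= X' are inclusive lower bounds; '<' and '<=' are upper bounds.
    Bounds in one cell are comma-joined and must all hold.
    """
    checks = []
    for op, ver in _BOUND.findall(text):
        bound = parse_version(ver)
        if op in ("from", ">="):
            checks.append(lambda v, b=bound: v >= b)
        elif op == ">":
            checks.append(lambda v, b=bound: v > b)
        elif op == "<=":
            checks.append(lambda v, b=bound: v <= b)
        else:
            checks.append(lambda v, b=bound: v < b)
    if not checks:
        raise ValueError(f"no bounds found in {text!r}")
    return lambda v: all(check(v) for check in checks)


def affected(installed, advisories=ADVISORIES):
    """Titles of advisories whose affected range contains the installed version."""
    version = parse_version(installed)
    return [title for title, rng in advisories if parse_range(rng)(version)]


def secret_key_is_default(config_text):
    """True if a superset_config.py assigns the known default SECRET_KEY.

    Returns None when the file sets no SECRET_KEY at all (Superset then falls
    back to its built-in value, which is the same problem). The literal is
    evaluated, so the original escaped form and an \\x02-style rewrite compare equal.
    """
    m = _SECRET_KEY_LINE.search(config_text)
    if not m:
        return None
    try:
        value = ast.literal_eval(m.group(1))
    except (ValueError, SyntaxError):
        return None
    return value == DEFAULT_SECRET_KEY


# Constructed sample superset_config.py fragments (not from any real deployment).
SAMPLE_DEFAULT_CONFIG = 'ROW_LIMIT = 5000\nSECRET_KEY = "\\2\\1thisismyscretkey\\1\\2\\e\\y\\y\\h"\n'
SAMPLE_FIXED_CONFIG = 'SECRET_KEY = "placeholder-value-replace-me"  # e.g. openssl rand -base64 42\n'

if __name__ == "__main__":
    for ver in ("1.5.2", "4.1.3", "4.1.3.post1", "6.0.0"):
        print(ver, "->", affected(ver))
    print("default key in sample config:", secret_key_is_default(SAMPLE_DEFAULT_CONFIG))
```

Run it against the output of `pip show apache-superset` (the `Version:` line) and the deployment's real `superset_config.py`; a `True` from `secret_key_is_default`, or a `None` on an instance older than 2.1.0, means the KEV entry above applies regardless of what else the version check reports.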