Filter
-Infinity
0

Trending

Last week
Last month
Last year

pip/apache-supersetApache Superset: SQLLab Improper readonly query validation allows unauthorized write access

high
7.1
First published (updated )
CVE-2024-55633

pip/apache-supersetApache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled

high
7.6
First published (updated )
CVE-2024-53949

pip/apache-supersetApache Superset: Error verbosity exposes metadata in analytics databases

medium
5.3
First published (updated )
CVE-2024-53948

pip/apache-supersetApache Superset: Improper SQL authorisation, parse not checking for specific engine functions

critical
9.8
First published (updated )
CVE-2024-39887

pip/apache-supersetApache Superset: Server arbitrary file read

medium
6.8
First published (updated )
CVE-2024-34693

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

pip/apache-supersetApache Superset: Incorrect datasource authorization on explore REST API

medium
4.3
First published (updated )
CVE-2024-28148

pip/apache-supersetApache Superset: Improper Neutralisation of custom SQL on embedded context

medium
4.3
EPSS
0.04%
First published (updated )
CVE-2024-24772

pip/apache-supersetApache Superset: Improper error handling on alerts

medium
4.3
EPSS
0.04%
First published (updated )
CVE-2024-27315

pip/apache-supersetApache Superset: Stored XSS in Dashboard Title and Chart Title

critical
9.6
First published (updated )
CVE-2023-49657

pip/apache-supersetApache Superset: Privilege Escalation Vulnerability

high
7.7
First published (updated )
CVE-2023-49734

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

pip/apache-supersetApache Superset: SQL Injection on where_in JINJA macro

high
8.8
First published (updated )
CVE-2023-49736

Apache SupersetApache Superset: Allows for uncontrolled resource consumption via a ZIP bomb

medium
6.5
First published (updated )
CVE-2023-46104

Apache SupersetApache Superset: Lack of rate limiting allows for possible denial of service

medium
6.5
First published (updated )
CVE-2023-42504

pip/apache-supersetApache Superset: Sensitive information disclosure on db connection details

medium
4.3
First published (updated )
CVE-2023-42505

Apache SupersetApache Superset: Open Redirect Vulnerability

medium
5.4
First published (updated )
CVE-2023-42502

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

pip/apache-supersetApache Superset: Stored XSS on API endpoint

medium
5.4
First published (updated )
CVE-2023-43701

Apache SupersetApache Superset: Unnecessary read permissions within the Gamma role

medium
4.3
First published (updated )
CVE-2023-42501

pip/apache-supersetApache Superset: Privilege escalation with default examples database

high
8.8
First published (updated )
CVE-2023-40610

Apache SupersetApache Superset: SQL parser edge case bypasses data access authorization

medium
4.3
First published (updated )
CVE-2023-32672

Apache SupersetApache Superset: Metadata db write access can lead to remote code execution

medium
6.6
First published (updated )
CVE-2023-37941

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Apache SupersetApache Superset: Possible Unauthorized Registration of SQLite Database Connections

medium
6.5
First published (updated )
CVE-2023-39265

Apache SupersetApache Superset: Stack traces enabled by default

medium
4.3
First published (updated )
CVE-2023-39264

Apache SupersetApache Superset: Improper Authorization check on import charts

medium
4.3
First published (updated )
CVE-2023-27526

Apache SupersetApache Superset: Improper data permission validation on Jinja templated queries

medium
5
First published (updated )
CVE-2023-27523

pip/apache-supersetApache Superset: Improper API permission for low privilege users allows for SSRF

medium
5.4
First published (updated )
CVE-2023-36388

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

pip/apache-supersetApache Superset: Improper API permission for low privilege users

medium
5.4
First published (updated )
CVE-2023-36387

Apache SupersetApache Superset: Database connection password leak

medium
6.5
First published (updated )
CVE-2023-30776

Apache SupersetApache Superset Insecure Default Initialization of Resource Vulnerability

critical
9.8
Exploited
First published (updated )
CVE-2023-27524

Apache SupersetApache Superset: Possible SSRF on import datasets

medium
6.5
First published (updated )
CVE-2023-25504

Apache SupersetApache Superset: Incorrect default permissions for Gamma role

medium
4.3
First published (updated )
CVE-2023-27525

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203