Filter
Versions
pip/apache-supersetSQL injection vulnerability in chart data API
9.8
First published (updated )
Apache SupersetApache Superset Insecure Default Initialization of Resource Vulnerability
First published (updated )
pip/supersetVersions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize…
9.8
First published (updated )
pip/apache-supersetApache Superset: Stored XSS in Dashboard Title and Chart Title
9.6
First published (updated )
Apache SupersetPossible SQL Injection when template processing is enabled
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache SupersetApache Superset: Cross Site Request Forgery (CSRF) on accept, request access API
8.8
First published (updated )
pip/apache-supersetApache Superset: Privilege escalation with default examples database
8.8
First published (updated )
pip/apache-supersetApache Superset: SQL Injection on where_in JINJA macro
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
pip/apache-supersetApache Superset: Privilege Escalation Vulnerability
7.7
First published (updated )
Apache SupersetApache Superset: Metadata db write access can lead to remote code execution
6.6
First published (updated )
pip/apache-supersetApache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104)
6.5
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache SupersetApache Superset: Possible Unauthorized Registration of SQLite Database Connections
6.5
First published (updated )
Apache SupersetApache Superset: Possible SSRF on import datasets
6.5
First published (updated )
Apache SupersetApache Superset: Database connection password leak
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache SupersetApache Superset: Lack of rate limiting allows for possible denial of service
6.5
First published (updated )
Apache SupersetApache Superset: Allows for uncontrolled resource consumption via a ZIP bomb
6.5
First published (updated )
Apache SupersetApache Superset stored XSS on Dashboard markdown
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
pip/apache-supersetApache Superset: Improper API permission for low privilege users
5.4
First published (updated )
pip/apache-supersetApache Superset: Improper API permission for low privilege users allows for SSRF
5.4
First published (updated )
Apache SupersetApache Superset: Cross-Site Scripting on dashboards
5.4
First published (updated )
Apache SupersetApache Superset: SQL injection vulnerability in adhoc clauses
5.4
First published (updated )
Apache SupersetApache Superset: Improper rendering of user input
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.