| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-23969 | Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering | Apache Software Foundation | Apache Superset | Medium | - | 2026-02-24 13:02:55 | Deep Dive |
| CVE-2026-23980 | Apache Superset: Improper Neutralization of Special Elements used in a SQL Command | Apache Software Foundation | Apache Superset | Medium | - | 2026-02-24 12:54:10 | Deep Dive |
| CVE-2026-23982 | Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass | Apache Software Foundation | Apache Superset | Medium | - | 2026-02-24 12:52:44 | Deep Dive |
| CVE-2026-23983 | Apache Superset: Sensitive Data Exposure via REST API (disabled by default) | Apache Software Foundation | Apache Superset | Medium | - | 2026-02-24 12:52:11 | Deep Dive |
| CVE-2026-23984 | Apache Superset: SQLLab Read-Only Bypass on PostgreSQL | Apache Software Foundation | Apache Superset | Medium | - | 2026-02-24 12:51:07 | Deep Dive |
| CVE-2025-55675 | Apache Superset: Incorrect datasource authorization on REST API | Apache Software Foundation | Apache Superset | - | - | 2025-08-14 13:18:54 | Deep Dive |
| CVE-2025-55674 | Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions | Apache Software Foundation | Apache Superset | - | - | 2025-08-14 13:18:11 | Deep Dive |
| CVE-2025-55672 | Apache Superset: Stored XSS on charts metadata | Apache Software Foundation | Apache Superset | - | - | 2025-08-14 13:17:34 | Deep Dive |
| CVE-2025-55673 | Apache Superset: Metadata exposure in embedded charts | Apache Software Foundation | Apache Superset | - | - | 2025-08-14 13:16:27 | Deep Dive |
| CVE-2025-48912 | Apache Superset: Improper authorization bypass on row level security via SQL Injection | Apache Software Foundation | Apache Superset | - | - | 2025-05-30 08:26:16 | Deep Dive |
| CVE-2025-27696 | Apache Superset: Incorrect authorization leading to resource ownership takeover | Apache Software Foundation | Apache Superset | - | - | 2025-05-13 08:21:21 | Deep Dive |
| CVE-2024-55633 | Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access | Apache Software Foundation | Apache Superset | Medium | - | 2024-12-12 14:36:02 | Deep Dive |
| CVE-2024-53949 | Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled | Apache Software Foundation | Apache Superset | High | - | 2024-12-09 13:35:42 | Deep Dive |
| CVE-2024-53948 | Apache Superset: Error verbosity exposes metadata in analytics databases | Apache Software Foundation | Apache Superset | Medium | - | 2024-12-09 13:35:31 | Deep Dive |
| CVE-2024-53947 | Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions | Apache Software Foundation | Apache Superset | Medium | - | 2024-12-09 13:35:10 | Deep Dive |
| CVE-2024-39887 | Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2024-07-16 09:20:11 | Deep Dive |
| CVE-2024-34693 | Apache Superset: Server arbitrary file read | Apache Software Foundation | Apache Superset | Medium | 6.8 | 2024-06-20 08:51:55 | Deep Dive |
| CVE-2024-28148 | Apache Superset: Incorrect datasource authorization on explore REST API | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2024-05-07 13:33:42 | Deep Dive |
| CVE-2024-26016 | Apache Superset: Improper authorization validation on dashboards and charts import | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2024-02-28 11:28:38 | Deep Dive |
| CVE-2024-24779 | Apache Superset: Improper data authorization when creating a new dataset | Apache Software Foundation | Apache Superset | Medium | 5.0 | 2024-02-28 11:28:02 | Deep Dive |