| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-27526 | Apache Superset: Improper Authorization check on import charts | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2023-09-06 12:44:45 | Deep Dive |
| CVE-2023-36387 | Apache Superset: Improper API permission for low privilege users | Apache Software Foundation | Apache Superset | Medium | 5.4 | 2023-09-06 12:19:40 | Deep Dive |
| CVE-2023-30776 | Apache Superset: Database connection password leak | Apache Software Foundation | Apache Superset | Medium | 4.9 | 2023-04-24 15:29:53 | Deep Dive |
| CVE-2023-27524 | Apache Superset: Session validation vulnerability when using provided default SECRET_KEY | Apache Software Foundation | Apache Superset | High | 8.9 | 2023-04-24 15:28:17 | Deep Dive |
| CVE-2023-25504 | Apache Superset: Possible SSRF on import datasets | Apache Software Foundation | Apache Superset | Medium | 4.9 | 2023-04-17 16:29:44 | Deep Dive |
| CVE-2023-27525 | Apache Superset: Incorrect default permissions for Gamma role | Apache Software Foundation | Apache Superset | Low | 3.1 | 2023-04-17 16:28:00 | Deep Dive |
| CVE-2022-41703 | Apache Superset: SQL injection vulnerability in adhoc clauses | Apache Software Foundation | Apache Superset | Medium | - | 2023-01-16 10:14:01 | Deep Dive |
| CVE-2022-45438 | Apache Superset: Dashboard metadata information leak | Apache Software Foundation | Apache Superset | Medium | - | 2023-01-16 10:12:03 | Deep Dive |
| CVE-2022-43721 | Apache Superset: Open Redirect Vulnerability | Apache Software Foundation | Apache Superset | Medium | - | 2023-01-16 10:10:53 | Deep Dive |
| CVE-2022-43720 | Apache Superset: Improper rendering of user input | Apache Software Foundation | Apache Superset | Medium | - | 2023-01-16 10:10:42 | Deep Dive |
| CVE-2022-43719 | Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API | Apache Software Foundation | Apache Superset | High | - | 2023-01-16 10:10:27 | Deep Dive |
| CVE-2022-43718 | Apache Superset: Cross-Site Scripting vulnerability on upload forms | Apache Software Foundation | Apache Superset | Medium | - | 2023-01-16 10:10:05 | Deep Dive |
| CVE-2022-43717 | Apache Superset: Cross-Site Scripting on dashboards | Apache Software Foundation | Apache Superset | Medium | - | 2023-01-16 10:08:05 | Deep Dive |
| CVE-2021-37839 | Improper access to dataset metadata information | Apache Software Foundation | Apache Superset | Medium | - | 2022-07-06 12:35:10 | Deep Dive |
| CVE-2022-27479 | SQL injection vulnerability in chart data API | Apache Software Foundation | Apache Superset | Critical | - | 2022-04-13 19:05:11 | Deep Dive |
| CVE-2021-44451 | API sensitive information leak | Apache Software Foundation | Apache Superset | Medium | - | 2022-02-01 13:16:32 | Deep Dive |
| CVE-2021-42250 | Possible log injection | Apache Software Foundation | Apache Superset | Medium | - | 2021-11-17 15:10:10 | Deep Dive |
| CVE-2021-41972 | Credentials leak | Apache Software Foundation | Apache Superset | Medium | - | 2021-11-12 18:55:13 | Deep Dive |
| CVE-2021-41971 | Possible SQL Injection when template processing is enabled | Apache Software Foundation | Apache Superset | High | - | 2021-10-18 14:30:14 | Deep Dive |
| CVE-2021-32609 | XSS vulnerability on Explore page | Apache Software Foundation | Apache Superset | Medium | - | 2021-10-18 14:30:12 | Deep Dive |