
Apache Superset — Vulnerabilities & Security Advisories (65)

All 65 CVE vulnerabilities found in Apache Superset, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-23969 | Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering | CWE-89 | 9.8 | - | 2026-02-24 |
| CVE-2026-23980 | Apache Superset: Improper Neutralization of Special Elements used in a SQL Command | CWE-89 | 8.8 | - | 2026-02-24 |
| CVE-2026-23982 | Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass | CWE-863 | 6.5 | - | 2026-02-24 |
| CVE-2026-23983 | Apache Superset: Sensitive Data Exposure via REST API (disabled by default) | CWE-200 | 6.5 | - | 2026-02-24 |
| CVE-2026-23984 | Apache Superset: SQLLab Read-Only Bypass on PostgreSQL | CWE-863 | 8.1 | - | 2026-02-24 |
| CVE-2025-55675 | Apache Superset: Incorrect datasource authorization on REST API | CWE-285 | 4.3 (AI) | Medium (AI) | 2025-08-14 |
| CVE-2025-55674 | Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions | CWE-89 | 6.5 (AI) | Medium (AI) | 2025-08-14 |
| CVE-2025-55672 | Apache Superset: Stored XSS on charts metadata | CWE-80 | 5.4 (AI) | Medium (AI) | 2025-08-14 |
| CVE-2025-55673 | Apache Superset: Metadata exposure in embedded charts | CWE-200 | 3.5 (AI) | Low (AI) | 2025-08-14 |
| CVE-2025-48912 | Apache Superset: Improper authorization bypass on row level security via SQL Injection | CWE-89 | 6.5 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-27696 | Apache Superset: Incorrect authorization leading to resource ownership takeover | CWE-863 | 6.5 (AI) | Medium (AI) | 2025-05-13 |
| CVE-2024-55633 | Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access | CWE-863 | 8.8 | - | 2024-12-12 |
| CVE-2024-53949 | Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled | CWE-863 | 8.8 | - | 2024-12-09 |
| CVE-2024-53948 | Apache Superset: Error verbosity exposes metadata in analytics databases | CWE-209 | 5.3 | - | 2024-12-09 |
| CVE-2024-53947 | Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions | CWE-89 | 9.8 | - | 2024-12-09 |
| CVE-2024-39887 | Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions | CWE-89 | 4.3 | Medium | 2024-07-16 |
| CVE-2024-34693 | Apache Superset: Server arbitrary file read | CWE-20 | 6.8 | Medium | 2024-06-20 |
| CVE-2024-28148 | Apache Superset: Incorrect datasource authorization on explore REST API | CWE-863 | 4.3 | Medium | 2024-05-07 |
| CVE-2024-26016 | Apache Superset: Improper authorization validation on dashboards and charts import | CWE-863 | 4.3 | Medium | 2024-02-28 |
| CVE-2024-24779 | Apache Superset: Improper data authorization when creating a new dataset | CWE-863 | 5.0 | Medium | 2024-02-28 |
| CVE-2024-24772 | Apache Superset: Improper Neutralisation of custom SQL on embedded context | CWE-89 | 4.3 | Medium | 2024-02-28 |
| CVE-2024-24773 | Apache Superset: Improper validation of SQL statements allows for unauthorized access to data | CWE-863 | 4.9 | Medium | 2024-02-28 |
| CVE-2024-27315 | Apache Superset: Improper error handling on alerts | CWE-209 | 4.3 | Medium | 2024-02-28 |
| CVE-2024-23952 | Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104) | CWE-400 | 6.5 | Medium | 2024-02-14 |
| CVE-2023-49657 | Apache Superset: Stored XSS in Dashboard Title and Chart Title | CWE-79 | 9.6 | Critical | 2024-01-23 |
| CVE-2023-49734 | Apache Superset: Privilege Escalation Vulnerability | CWE-863 | 7.7 | High | 2023-12-19 |
| CVE-2023-49736 | Apache Superset: SQL Injection on where_in JINJA macro | CWE-89 | 6.5 | Medium | 2023-12-19 |
| CVE-2023-46104 | Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb | CWE-400 | 6.5 | Medium | 2023-12-19 |
| CVE-2023-42504 | Apache Superset: Lack of rate limiting allows for possible denial of service | CWE-770 | 5.8 | Medium | 2023-11-28 |
| CVE-2023-42505 | Apache Superset: Sensitive information disclosure on db connection details | CWE-200 | 4.3 | Medium | 2023-11-28 |

Values marked "(AI)" are AI-generated score and severity estimates as shown on the page; "-" means no severity rating is listed for that entry.

All 65 known CVE vulnerabilities affecting Apache Superset with full Chinese analysis, references, and POCs where available.