Apache Superset — Vulnerabilities & Security Advisories (65)

All 65 CVE vulnerabilities found in Apache Superset, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-42502 | Apache Superset: Open Redirect Vulnerability | CWE-601 | 4.8 | Medium | 2023-11-28 |
| CVE-2023-43701 | Apache Superset: Stored XSS on API endpoint | CWE-79 | 4.3 | Medium | 2023-11-27 |
| CVE-2023-42501 | Apache Superset: Unnecessary read permissions within the Gamma role | CWE-276 | 4.3 | Medium | 2023-11-27 |
| CVE-2023-40610 | Apache Superset: Privilege escalation with default examples database | CWE-863 | 6.3 | Medium | 2023-11-27 |
| CVE-2023-32672 | Apache Superset: SQL parser edge case bypasses data access authorization | CWE-863 | 4.3 | Medium | 2023-09-06 |
| CVE-2023-37941 | Apache Superset: Metadata db write access can lead to remote code execution | CWE-502 | 6.6 | Medium | 2023-09-06 |
| CVE-2023-39265 | Apache Superset: Possible Unauthorized Registration of SQLite Database Connections | CWE-20 | 3.8 | Low | 2023-09-06 |
| CVE-2023-39264 | Apache Superset: Stack traces enabled by default | CWE-209 | 4.3 | Medium | 2023-09-06 |
| CVE-2023-27523 | Apache Superset: Improper data permission validation on Jinja templated queries | CWE-863 | 5.0 | Medium | 2023-09-06 |
| CVE-2023-36388 | Apache Superset: Improper API permission for low privilege users allows for SSRF | CWE-918 | 4.3 | Medium | 2023-09-06 |
| CVE-2023-27526 | Apache Superset: Improper Authorization check on import charts | CWE-863 | 4.3 | Medium | 2023-09-06 |
| CVE-2023-36387 | Apache Superset: Improper API permission for low privilege users | CWE-863 | 5.4 | Medium | 2023-09-06 |
| CVE-2023-30776 | Apache Superset: Database connection password leak | CWE-522 | 4.9 | Medium | 2023-04-24 |
| CVE-2023-27524 | Apache Superset: Session validation vulnerability when using provided default SECRET_KEY | CWE-1188 | 8.9 | High | 2023-04-24 |
| CVE-2023-25504 | Apache Superset: Possible SSRF on import datasets | CWE-918 | 4.9 | Medium | 2023-04-17 |
| CVE-2023-27525 | Apache Superset: Incorrect default permissions for Gamma role | CWE-863 | 3.1 | Low | 2023-04-17 |
| CVE-2022-41703 | Apache Superset: SQL injection vulnerability in adhoc clauses | | 5.4 | - | 2023-01-16 |
| CVE-2022-45438 | Apache Superset: Dashboard metadata information leak | CWE-668 | 5.3 | - | 2023-01-16 |
| CVE-2022-43721 | Apache Superset: Open Redirect Vulnerability | CWE-601 | 5.4 | - | 2023-01-16 |
| CVE-2022-43720 | Apache Superset: Improper rendering of user input | CWE-74 | 4.6 | - | 2023-01-16 |
| CVE-2022-43719 | Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API | CWE-352 | 8.8 | - | 2023-01-16 |
| CVE-2022-43718 | Apache Superset: Cross-Site Scripting vulnerability on upload forms | CWE-79 | 5.4 | - | 2023-01-16 |
| CVE-2022-43717 | Apache Superset: Cross-Site Scripting on dashboards | CWE-79 | 5.4 | - | 2023-01-16 |
| CVE-2021-37839 | Improper access to dataset metadata information | CWE-273 | 4.3 | - | 2022-07-06 |
| CVE-2022-27479 | SQL injection vulnerability in chart data API | CWE-89 | 9.8 | - | 2022-04-13 |
| CVE-2021-44451 | API sensitive information leak | CWE-522 | 6.5 | - | 2022-02-01 |
| CVE-2021-42250 | Possible log injection | CWE-117 | 6.5 | - | 2021-11-17 |
| CVE-2021-41972 | Credentials leak | CWE-522 | 6.5 | - | 2021-11-12 |
| CVE-2021-41971 | Possible SQL Injection when template processing is enabled | CWE-89 | 8.8 | - | 2021-10-18 |
| CVE-2021-32609 | XSS vulnerability on Explore page | CWE-79 | 6.4 | - | 2021-10-18 |

All 65 known CVE vulnerabilities affecting Apache Superset with full Chinese analysis, references, and POCs where available.