Vulnerabilities > Apache > Superset
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-12 | CVE-2024-55633 | Incorrect Authorization vulnerability in Apache Superset Improper Authorization vulnerability in Apache Superset. | 6.5 |
| 2024-12-09 | CVE-2024-53948 | Unspecified vulnerability in Apache Superset Generation of Error Message Containing analytics metadata Information in Apache Superset. This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue. | 5.3 |
| 2024-12-09 | CVE-2024-53949 | Incorrect Authorization vulnerability in Apache Superset Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). | 6.5 |
| 2024-07-16 | CVE-2024-39887 | Unspecified vulnerability in Apache Superset An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. | 9.8 |
| 2024-06-20 | CVE-2024-34693 | Unspecified vulnerability in Apache Superset Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. | 5.3 |
| 2024-05-07 | CVE-2024-28148 | Unspecified vulnerability in Apache Superset An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue. | 4.3 |
| 2024-02-28 | CVE-2024-24772 | SQL Injection vulnerability in Apache Superset A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue. | 4.3 |
| 2024-02-28 | CVE-2024-24773 | Incorrect Authorization vulnerability in Apache Superset Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue. | 6.5 |
| 2024-02-28 | CVE-2024-24779 | Unspecified vulnerability in Apache Superset Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. | 6.5 |
| 2024-02-28 | CVE-2024-26016 | Unspecified vulnerability in Apache Superset A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. | 5.4 |