Vulnerabilities > Apache > Superset > 0.15.4

DATE CVE VULNERABILITY TITLE RISK
2019-12-16 CVE-2019-12413 Unspecified vulnerability in Apache Superset
In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query.
network
low complexity
apache
5.3
5.3
2018-11-07 CVE-2018-8021 Deserialization of Untrusted Data vulnerability in Apache Superset
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution.
network
low complexity
apache CWE-502
critical
 9.8
9.8