Vulnerabilities > Apache > Superset > 0.38.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-17 | CVE-2021-42250 | Improper Encoding or Escaping of Output vulnerability in Apache Superset Improper output neutralization for Logs. | 4.0 |
| 2021-11-12 | CVE-2021-41972 | Unspecified vulnerability in Apache Superset Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. | 4.0 |
| 2021-10-18 | CVE-2021-32609 | Cross-site Scripting vulnerability in Apache Superset Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. | 3.5 |
| 2021-10-18 | CVE-2021-41971 | SQL Injection vulnerability in Apache Superset Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL. | 6.0 |
| 2021-04-27 | CVE-2021-28125 | Open Redirect vulnerability in Apache Superset Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. | 6.1 |
| 2021-03-05 | CVE-2021-27907 | Cross-site Scripting vulnerability in Apache Superset Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. | 5.4 |