Vulnerabilities > Apache > Superset > 4.0.0

DATE CVE VULNERABILITY TITLE RISK
2024-12-12 CVE-2024-55633 Incorrect Authorization vulnerability in Apache Superset
Improper Authorization vulnerability in Apache Superset.
network
low complexity
apache CWE-863
6.5
2024-12-09 CVE-2024-53948 Unspecified vulnerability in Apache Superset
Generation of Error Message Containing analytics metadata Information in Apache Superset. This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.
network
low complexity
apache
5.3
2024-12-09 CVE-2024-53949 Incorrect Authorization vulnerability in Apache Superset
Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default).
network
low complexity
apache CWE-863
6.5
2024-07-16 CVE-2024-39887 Unspecified vulnerability in Apache Superset
An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands.
network
low complexity
apache
critical
9.8
2024-06-20 CVE-2024-34693 Unspecified vulnerability in Apache Superset
Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled.
network
high complexity
apache
5.3